Re: [Samba] samba 2.2.6 to samba3.0

2003-10-23 Thread Brad Langhorst 
On Wed, 2003-10-22 at 16:12, Yahya AZZOUZ wrote:
 hello,
 
 i want to update samba 2.2.6 to 3.0.
 i have samba-ldap installed.
 i don't want to create all the machine again. What files i have to save 
 from samba 2.2.6 to have all the machines in the domaine after installed 
 samba 3.0.
you just need to maintain the same domain SID (and name of course0
use 
rpcclient's lsaquery command on the old installation to determine this 

then use net setlocalsid with that value on the new installation.

Be aware that the ldap schema has changed so you'll have to migrate your
data (or i'm told there are some compatibility ldap options - google if
you want that)

it's pretty painless really - there are scripts to do the ldap upgrade.

best wishes!

brad
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] german characters and Samba 3.0

2003-10-23 Thread Stefan G. Weichinger 
Hi, Andrew Bartlett,

am Donnerstag, 23. Oktober 2003 um 02:01 schrieben Sie:

AB On Thu, 2003-10-23 at 09:36, Stefan G. Weichinger wrote:
 Hi,
 
 I just upgraded my customer´s servers to Samba 3.
 
 Unfortunately in the former 2.x installation there was the wrong
 character set/codepage configured (the defaults ...).


 This is kind of scary because I backup them via Amanda ... so I have
 the strange filenames on tape ... with characters I can´t even type.
 Would be pretty annoying to recover anything particular ...
 
 What can I do about it ?

AB Use a UTF8 terminal.  The characters have been recorded perfectly - but
AB to see them, you should set your system localle to UTF8, and use a UTF8
AB termainal.

Thank you for answering, I had some kind of a bad sleep thinking about
that. I just adjusted my Putty to UTF8 and the filenames look pretty
...

Best regards,
and once again my thanks for doing that nice work on Samba,

Stefan G. Weichinger
mailto:[EMAIL PROTECTED]



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : RE : [Samba] Samba 3 pre01 security=domain problem to accessfromxpclient

2003-10-23 Thread jean-marc pouchoulon 


how do you propagate the Unix accounts from your PDCBDC to your member
server in order to allow user auth from Samba ? 

Ldap posixaccount


Also, one of the problem I encountered is that I tried to specify an
auth methods = string, even when specifying guest, sam. But it
failed. So removing it helped a lot.

I try to play with that without any success.

Could anyone tell me more about security = domain versus security =
server ?
I found few things but nothing explained in details. I understand only
that in security = domain the auth is done 
One time.

The problem is probably on the xp client. Can someone can explain the
registry keys involved in communication between sambaAnd xp ? ( for
instance, I change only requiresignorseal=dword: and it works
well with samba 3 as DC )

Thanks 

jean-marc

 -Original Message-
 From: jean-marc pouchoulon 
 [mailto:[EMAIL PROTECTED]
 Sent: mercredi 22 octobre 2003 14:54
 To: 'jean-marc pouchoulon'; [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: RE : [Samba] Samba 3 pre01 security=domain problem to 
 accessfromxpclient
 
 
 Just one more thing
 With security = server it works.
 
 
 -Message d'origine-
 De :
 [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
 ists.samba
 .org] De la part de jean-marc pouchoulon
 Envoyé : mercredi 22 octobre 2003 14:50
 À : [EMAIL PROTECTED]
 Cc : [EMAIL PROTECTED]
 Objet : [Samba] Samba 3 pre01 security=domain problem to access 
 fromxpclient
 
 
 I try to implement a new server using domain auth
 ( server , pdc , bdc are on redhat 9 samba3pre1)
 
 
 Smb.conf of server:
 
 [global]
 workgroup = DOMAIN
 netbios name = G4
 server string = %h server (Samba %v)
 security = domain
 password server = SERV2 SERV3 (PDC and BDC)
 
 wins support = no
 wins proxy = no
 wins server = ip_address_of_wins_server
 
 domain master = no
 local master = no
 preferred master = no
 os level = 0
 
 
 log level = 99
 log file = /var/log/samba/log.%m
 socket options = TCP_NODELAY IPTOS_LOWDELAY
 
 [homes]
 comment = Espace Partagé pour les utilisateurs
 browseable = yes
 path = %H
 writable = yes
 create mode = 0700
 
 Net join to DOMAIN was done without problem. 





--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba, winbind and NT 4.0 suddenly stop working together

2003-10-23 Thread Thomas Zehbe 
Hi Folks,
since several months an installation using samba 2.2.7a on a SuSE 8.2 
box (2.4.20 kernel) worked fine using winbind to authenticate users at 
an NT 4.0 SP6a Server including ont-the-fly creation of home dirs on the 
LINUX box. There are about 20 WinCients working.

Since monday authentication stops working without any (known) event like 
machine crashes, reconfiguring etc. So all users lost access to home an 
group shares. wbinfo isn?t working, getent only shows local users and 
groups.

I tried several things. Rejoining the domain (smbpasswd -j), setting the 
SID (smbpasswd -w), reinstalling SP6a on the NT box - nothing helps. 
ping to the NT box works. To get the people working i created linux 
accounts with fitting uids an gids.

Does anyone has any idea???
Here are some line of the logs an configs.
winbind (seems to me to be the core problem):
...
[2003/10/22 11:22:34, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for CDU
...
smbd:
...
[2003/10/22 08:01:58, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/10/22 08:01:58, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2003/10/22 08:01:58, 0] 
smbd/password.c:connect_to_domain_password_server(1367)
connect_to_domain_password_server: unable to setup the PDC credentials 
to machine C150. Error was : NT_STATUS_OK.
[2003/10/22 08:01:58, 0] smbd/password.c:domain_client_validate(1599)
domain_client_validate: Domain password server not available.
[2003/10/22 08:01:58, 1] lib/util_sock.c:get_socket_name(977)
Gethostbyaddr failed for 192.168.2.232
[2003/10/22 08:01:58, 1] smbd/service.c:make_connection(636)
stiewe2 (192.168.2.232) connect to service stiewe as user stiewe 
(uid=10025, gid=1) (pid 4887)
...
The 192.168.2.232 is the Client who tries to connect.

smb.conf:
[global]
workgroup = xyz
netbios name = GENERAL
interfaces = 192.168.2.100/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = 192.168.2.200
log level = 1
null passwords = yes
debug level = 1
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
character set = ISO8859-15
client code page = 850
add user script = useradd -d /dev/null -g 500 -s /bin/false %m$
logon path = \\%L\profiles\%U
logon home = \\%L\%U\profile
domain logons = Yes
os level = 64
domain master = No
wins server = 192.168.2.200
winbind uid = 1-2
winbind gid = 1-2
template homedir = /nutzerdaten/winhomes/%U
obey pam restrictions = yes
Thanks

Thomas Zehbe

INGENION GmbH
Fon 0 50 31 / 9 02 04-2
Fax 0 50 31 / 9 02 04-9
www.ingenion.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] preserve rights - backup Windows NT4 to Linux

2003-10-23 Thread Fink Oliver 
Hello,

I'm trying to backup a Windows machine to
a Linux with smbtar. It works - 

but I as far as I can see - the permissions and file owner 
are not stored

How could I manage something like that ??

I would like to be able to do the backup via a
cron-job on the LINUX - so I don`t want to use 
ntbackup or something like that 


Greeting and thanks !!!

Olli


-
BildungsCenter der Arbeiterkammer Vorarlberg
Fink Oliver
Schiesstätte 16
6800 Feldkirch

Tel.: 05522/3551-16
Fax:  05522/3551-17
e-mail: mailto:[EMAIL PROTECTED]
-


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Re: accessing shares

2003-10-23 Thread Emmanuel Viennot 
I don't know  how samba deals with Active Directory. I only use Linux group
and user with samba. Maybe try @root for the write list.

Unix permissions do matter ! The samba permissions can only be more
restrictive than Unix permission. it is not possible to make a folder
writable by a group with Samba if this group doesn't have the Unix
perimission.

For authentication, check your smbpasswd file to verify that each user that
try to access a share as a valid samba account. You can add a samba account
using the command smbpasswd -a myuser. The log file you are looking at is
the good one. You might increase the debug level in your smb.conf.

On my network we have the same account on PCs than on the linux samba server
so we don't have that kind of problems.

Emmanuel Viennot
Directeur Technique
Liddell Production
39, rue du Fbg Poissonnière - 75009 Paris
Tel: 01 53 24 68 35 Fax: 01 53 24 66 25

Tim Jordan, Network Services [EMAIL PROTECTED] a écrit
dans le message de news:[EMAIL PROTECTED]
 Domain Admins is a valid Active Directory group.  I have it
 groupmapped to:
 Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005)
 - root
 tim is a member of the root group

 [LinuxSoftware]
 comment = OpenSource
 path = /mnt/windows/Software/
 public = yes
 writable = yes
 printable = no
 write list =@Domain Admins
 drwxr--r--   57  timroot32768 Oct  8 00:49 Software (Do the
 unix permissions matter or just what is in the smb.conf?)

 For the other share is you account TIM or tim ? Unix is case sensitive as
 far as i know.
 
 TIM is my windows active directory account - tim is my local unix account.
 [TIM]
 comment = Tim's Service
 path = /home/tim/
 writeable = TIM
 read only = No

 Winbind should be handling all authentication from our M$ PDC.  I can
 log into my Samba box with a M$ domain account.  I just can't seem to
 get the share authentication working.  I'm not sure what logs to watch.
 I have been reviewing the smbd, nmbd, winbind, and the log that is
 corresponding to the workstation trying to connect to the Samba share.

 In the logs I noticed that winbind is trying to authenticate the
 microsoft workstation connecting to the Samba share.

  [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305)
process_request: request fn GETPWNAM
  [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
[22176]: getpwnam DOL-ANC-WTS2$
  [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
user 'DOL-ANC-WTS2$' does not exist

 Have I missed something in the HOW TO: ?  I don't recall having to
 create machine accounts on the Samba server.  I thought Samba is
 supposed to authenticate the user trying to access the share.  If that
 is true perhaps I have a pam config file wrong?  I don't know where to
 start looking at how the authentication is handled on the Samba share
 and more importantly what order of authentication is being done...how do
 I tweak that order to point authentication to my M$ PDC?  I did it for
 the pam.d/login config file.

 Perhaps I'm not even on the right track...
 Tim


 Emmanuel Viennot wrote:

 May be you should check your write list parameter wich is @Domain
Admins
 . Is  Domain Admins a valid group and is tim a member of this group ?
 For the other share is you account TIM or tim ? Unix is case sensitive as
 far as i know.
 
 Hope that help.
 
 
 
 

 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Trusts between Windows 2003 and Samba 3.0 don't work

2003-10-23 Thread Wieseckel, Marcus 

Hi,

 

I'm running samba 3.0 pre 1 with ldapsam backend on SuSE 8.2 Prof.
Everything works fine. The creation of interdomain trusts between samba -
nt/2000/samba works also without any problems. It's possible to add users
from the trusting domain to local groups, sharing directorys for the other
side and

logon on both sides with different accounts from the other Domain. 

 

The Order when I createing the Trust is follow:

 

1. Createing the trust on the samba side ( net rpc trustdom add win2k3test
password )

2. Check it with net rpc trustdom list

3. Createing a two-way trust on the Windows 2003 side and deactivate all
secure settings in the domaincontroller security policy like
requiresignorseal and Microsoft network server: Digitally sign
commnunications (always)

4. When i try to establish the Trust with net rpc trustdom establish
win2k3test and after this i type in the right password, i get following
error-message. 

 

sql-domlin:/usr/sbin # net rpc trustdom establish win2k3test
Password:
[2003/10/22 14:33:19, 0] utils/net_rpc.c:rpc_trustdom_establish(1829)
  Couldn't not initialise wkssvc pipe


 

I had already raise the log level to 10, but I can't find the problem while
the creation of the trust. Do anyone know what's problem could be? 

I hope the postet information is enough. Thanks for your help

 

Best regards

Marcus

 

My smb.conf:

[global]

netbios name = SVR_SAMBA
workgroup = DOM_SAMBA
serverstring = SVR_SAMBA

os level = 254
log level = 10
log file = /var/log/samba/samba.log

preferred master = yes
local master = yes
domain master = yes
domain logons = yes
time server = yes

security = user
encrypt passwords = yes

wins support = yes
name resolve order = wins lmhosts host bcast

socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
utmp = yes
keep alive = 30
host msdfs = yes
unix charset = UTF8

interfaces = 127.0.0.1 eth0
bind interfaces only = true


add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u



# Backend-Parameter#


passdb backend = ldapsam:ldap://127.0.0.1
algorithmic rid base = 1
winbind cache time = 600
template shell = /bin/bash
template homedir = /home/%u
winbind use default domain = yes
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
winbind enum groups = yes
winbind enum users = yes
ldap admin dn   = cn=ldapadmin,dc=samba,dc=corp
ldap suffix = dc=samba,dc=corp
ldap machine suffix = ou=machines
ldap group suffix   = ou=groups
ldap user suffix= ou=users


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] Samba3+ldapsam+Win9x userlist, Bug596?! sniffing info

2003-10-23 Thread jean-marc pouchoulon 
Thereby sorry for being impolite :-(, but at present I'm running samba
3.0.1pre1 with ldapsam in the production servers, and Win9x clients
couldn't get list of users and groups from Samba DCs (Bug596). I have 3
choices:
- -- Switch back to 2.2.7 (not very nice:-(, I would need group support
for policy)
- -- Switch to tdbsam with fam/rsync/ssh-ing password and group
mappings (very ugly and error prone :-()
- -- Wait, in hope of a solution/workaround
Please give me an advice, which one could harm less.

Thanks for not shooting me for bore you with my problems.

Same questions for me ( luckily the xp client works in my basic
conf but I have needs from my win98's users).

I can see with ethereal that after the groups name will be
return by the server.
After there is a 'SMB Transaction Response, Error: General
failure'

51   8.613145 serv1 - client SMB Transaction Response

  00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10   ...nH..7..E.
0010  01 a0 23 50 40 00 40 06 76 6b ac 1d a0 3e ac 1d   [EMAIL PROTECTED]@.vk.
0020  a7 13 00 8b 04 03 cd d9 58 bf 00 19 92 a7 50 18   X.P.
0030  88 e0 e0 f1 00 00 00 00 01 74 ff 53 4d 42 25 00   .t.SMB%.
0040  00 00 00 80 01 c8 00 00 00 00 00 00 00 00 00 00   
0050  00 00 01 00 61 20 64 00 82 3c 0a 00 00 3c 01 00   a d...
0060  00 00 00 38 00 00 00 3c 01 38 00 00 00 00 00 3d   ...88.=
0070  01 00 05 00 02 03 10 00 00 00 3c 01 00 00 1d 00   ...
0080  00 00 24 01 00 00 00 00 00 00 00 00 00 00 01 00   ..$.
0090  00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 02   
00a0  00 00 36 00 36 00 01 00 00 00 d7 07 00 00 30 00   ..6.6.0.
00b0  30 00 01 00 00 00 ed 07 00 00 26 00 26 00 01 00   0.
00c0  00 00 03 02 00 00 16 00 16 00 01 00 00 00 1b 00   
00d0  00 00 00 00 00 00 1b 00 00 00 41 00 64 00 6d 00   ..A.d.m.
00e0  69 00 6e 00 69 00 73 00 74 00 72 00 61 00 74 00   i.n.i.s.t.r.a.t.
00f0  65 00 75 00 72 00 73 00 20 00 64 00 75 00 20 00   e.u.r.s. .d.u. .
0100  44 00 6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00   D.o.m.a.i.n.e...
0110  00 00 18 00 00 00 00 00 00 00 18 00 00 00 55 00   ..U.
0120  74 00 69 00 6c 00 69 00 73 00 61 00 74 00 65 00   t.i.l.i.s.a.t.e.
0130  75 00 72 00 73 00 20 00 64 00 75 00 20 00 44 00   u.r.s. .d.u. .D.
0140  6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00 13 00   o.m.a.i.n.e.
0150  00 00 00 00 00 00 13 00 00 00 49 00 6e 00 76 00   ..I.n.v.
0160  69 00 74 00 65 00 73 00 20 00 64 00 75 00 20 00   i.t.e.s. .d.u. .
0170  44 00 6f 00 6d 00 61 00 69 00 6e 00 65 00 00 00   D.o.m.a.i.n.e...
0180  00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 73 00   ..s.
0190  6d 00 62 00 6d 00 61 00 63 00 68 00 69 00 6e 00   m.b.m.a.c.h.i.n.
01a0  65 00 00 00 00 00 04 00 00 00 00 00 00 00 e.

 52   8.614780 client - serv1 SMB Transaction Request

  00 07 e9 06 b7 37 00 00 e8 6e 48 e2 08 00 45 00   .7...nH...E.
0010  00 b8 51 11 40 00 80 06 09 a2 ac 1d a7 13 ac 1d   [EMAIL PROTECTED]
0020  a0 3e 04 03 00 8b 00 19 92 a7 cd d9 5a 37 50 18   ...Z7P.
0030  1c d4 51 5a 00 00 00 00 00 8c ff 53 4d 42 25 00   ..QZ...SMB%.
0040  00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00   
0050  00 00 01 00 61 20 64 00 02 3d 10 00 00 3c 00 00   a d..=.
0060  00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 50   ...P
0070  00 3c 00 50 00 02 00 26 00 ff 75 49 00 00 5c 00   ..P.uI..\.
0080  50 00 49 00 50 00 45 00 00 00 05 00 00 03 10 00   P.I.P.E.
0090  00 00 3c 00 00 00 1e 00 00 00 24 00 00 00 00 00   .$.
00a0  33 00 00 00 00 00 0c 00 00 00 00 00 00 00 16 99   3...
00b0  97 3f db 5d 00 00 04 00 00 00 00 00 00 00 30 75   .?.]..0u
00c0  00 00 00 e8 03 00 ..

 53   8.614790 serv1 - client TCP netbios-ssn  1027 [ACK]
Seq=3453573687 Ack=1676087 Win=35040 Len=0

  00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10   ...nH..7..E.
0010  00 28 23 51 40 00 40 06 77 e2 ac 1d a0 3e ac 1d   .([EMAIL PROTECTED]@.w..
0020  a7 13 00 8b 04 03 cd d9 5a 37 00 19 93 37 50 10   Z7...7P.
0030  88 e0 c7 77 00 00 ...w..

 54  13.262490 serv1 - client SMB Transaction Response, Error: General
failure

  00 00 e8 6e 48 e2 00 07 e9 06 b7 37 08 00 45 10   ...nH..7..E.
0010  02 64 23 52 40 00 40 06 75 a5 ac 1d a0 3e ac 1d   [EMAIL PROTECTED]@.u..
0020  a7 13 00 8b 04 03 cd d9 5a 37 00 19 93 37 50 18   Z7...7P.
0030  88 e0 3e ad 00 00 00 00 02 38 ff 53 4d 42 25 03   8.SMB%.
0040  00 1f 00 80 01 88 00 00 00 00 00 00 00 00 00 00   
0050  00 00 01 00 61 20 64 00 02 3d 0a 00 00 00 02 00   a d..=..
0060  00 00 00 38 00 00 00 00 02 38 00 00 00 00 00 01   ...8.8..
0070  02 00 05 00 02 03 10 00 00 00 68 06 00 00 1e 00   ..h.
0080  00 00 50 06 00 00 00 00 00 00 40 a3

[Samba] Logon path, logon home, logion drive, %u %U samba 3pre1 mix env win 98 and win XP config questions ( easy answers )

2003-10-23 Thread jean-marc pouchoulon 
I set 

logon path = \\serv1\profile\%U
  logon drive = H:
  logon home = \\serv1\%U\.profiles

For a user lambda
The profile from the win98 client are store in /home/lambda/.profiles./
But the H drive is mapped for the xp clients on /home/lambda/.profiles./

If I set 
logon home = \\serv1\%U\

the H drive is set correctly but the profile for the xp is
straightly stored in the /home/lambda 

What I don't understand ?

Thanks

Jean-Marc Pouchoulon


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Do i need Samba 3 to use windows folder redirection to a samba server (running 2.2.8 currently)

2003-10-23 Thread John Simovic 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] pam_smbpass on Solaris box

2003-10-23 Thread Martynas Buozis 
Hello


I decided to test password migration (on Solaris 8 box with SUNWspro C) and built 
samba with pam_smbpass module :

CC=cc ./configure --prefix=/opt/local/samba --with-acl-support --with-pam 
--with-pam_smbpass

Then installed bin/pam_smbpass.so in /usr/lib/security :

# ls -al /usr/lib/security/pam_smbpass.so
-rwxr-xr-x   1 root sys  2091380 Oct 23 11:01 /usr/lib/security/pam_smbpass.so

Changed /etc/pam.conf :

other   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other   auth requisite  /usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass
other   auth optional   /usr/lib/security/$ISA/pam_smbpass.so migrate


And found, that PAM authentication it is not working at all (none of passwords are 
accepted). In syslog messages I see two messages for every session (for example - 
telnet) :

Oct 23 12:00:22 local login: [ID 487707 auth.error] load_modules: can not open module 
/usr/lib/security/pam_smbpass.so
Oct 23 12:00:31 local login: [ID 487707 auth.error] load_modules: can not open module 
/usr/lib/security/pam_smbpass.so

In truss output I see this :

9662:   stat64(/usr/lib/security/pam_smbpass.so, 0xFFBEFAB8) = 0
9662:   stat(/usr/lib/security/pam_smbpass.so, 0xFFBEF3F4) = 0
9662:   open(/usr/lib/security/pam_smbpass.so, O_RDONLY) = 3
9662:   fstat(3, 0xFFBEF3F4)= 0
9662:   mmap(0x, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF03
9662:   mmap(0x, 1392640, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFED0
9662:   mmap(0xFEE36000, 62088, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 
3, 1204224) = 0xFEE36000
9662:   mmap(0xFEE46000, 49716, PROT_READ|PROT_WRITE|PROT_EXEC, 
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFEE46000
9662:   munmap(0xFEE28000, 57344)   = 0
9662:   munmap(0xFEE54000, -8192)   Err#22 EINVAL
9662:   memcntl(0xFED0, 277476, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
9662:   close(3)

and later :

9662:   stat64(/usr/lib/security/pam_smbpass.so, 0xFFBEFB28) = 0
9662:   stat(/usr/lib/security/pam_smbpass.so, 0xFFBEF464) = 0
9662:   open(/usr/lib/security/pam_smbpass.so, O_RDONLY) = 6
9662:   fstat(6, 0xFFBEF464)= 0
9662:   mmap(0x, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 6, 0) = 0xFF03
9662:   mmap(0x, 1392640, PROT_READ|PROT_EXEC, MAP_PRIVATE, 6, 0) = 0xFEC8
9662:   mmap(0xFEDB6000, 62088, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 
6, 1204224) = 0xFEDB6000
9662:   mmap(0xFEDC6000, 49716, PROT_READ|PROT_WRITE|PROT_EXEC, 
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFEDC6000
9662:   munmap(0xFEDA8000, 57344)   = 0
9662:   munmap(0xFEDD4000, -8192)   Err#22 EINVAL
9662:   memcntl(0xFEC8, 277476, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
9662:   close(6) 

Whole telnet session look like this :

$ telnet testhost
Trying aaa.bbb.ccc.ddd...
Connected to testhost.
Escape character is '^]'.

testhost Login incorrect
login: martynas
Password:
Connection closed by foreign host.
$

Without pam_smbpass.so line in /etc/pam.conf session look like this :

$ telnet testhost
Trying aaa.bbb.ccc.ddd...
Connected to testhost.
Escape character is '^]'.

testhost login: martynas
Password:
Last login: Thu Oct 23 12:26:21 from aaa.bbb.ccc.ddd
$

Please note, that in first session there is Login incorrect\n in usual prompt 
testhost login.


Google and samba list archives gave no tip about what can be wrong.

Any ideas ? Thank you for response in advance.



With best regards
Martynas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Delay accessing samba 2.2.8

2003-10-23 Thread Tobias Schliebitz 
Hello folks,

I'm a newbie to this list, so please forgive me if I ask a question already
answered. Yet having searched the web for a solution to my problem yields no
results, so perhaps the question isn't that stupid:

I have set up a small WLAN with a slackware 9.0 server. Samba 2.2.8 is
installed and seems to work fine generally. I should add that I run it
wrapped up by tcpd, not as a standalone demon. Accessing the shares from my
m$ w98 clients, I encounter a significant delay (everything seems to freeze)
of about 1 min. This only happens the odd time, although quite regularly.

My network is, as far as I can say, stable. Name resolution is done via DNS
(bins 9.0 installed on linux box) and WINS (wins support = yes on samba).
Pinging my linux box yields instant replies, so no time should be wasted
here.

Any ideas anyone?

TIA,

Tobias
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon path, logon home, logion drive, %u %U samba 3pre1 mix env win 98 and win XP config questions ( easy answers )

2003-10-23 Thread Gémes Géza 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jean-marc pouchoulon írta:
| I set
|
|   logon path = \\serv1\profile\%U
|   logon drive = H:
|   logon home = \\serv1\%U\.profiles
|
| For a user lambda
| The profile from the win98 client are store in /home/lambda/.profiles./
| But the H drive is mapped for the xp clients on /home/lambda/.profiles./
|
| If I set
|   logon home = \\serv1\%U\
|
|   the H drive is set correctly but the profile for the xp is
| straightly stored in the /home/lambda
|   
| What I don't understand ?
|
| Thanks
|
| Jean-Marc Pouchoulon
|
|
So let we see what's here:

- --logon path is telling to NT (NT4, 2000, XP) clients where to find the
profile of the user %U
- --logon home is telling to 9x (95, 98, Me) clients where to find the
profile of the user %U, but also telling to all Windows variants, what
share to use for net use driveletter: /home the diference is that
win2k and winxp clients do this mapping without having to do that in a
logon script, using logon drive for that (if there is nothing mapped
onto it before e.g. by a logon script in this case they would map it to
driveletter Z:). The problem is that this clients have the feature of
mapping drive letters to subfolders of shares, unlike other windows
versions, which will map the share, ignoring any subfolder of it (or
give an error if you try it on command line).
I hope you can find something usefull from my endless story ;-)

Good Luck,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/l7MG/PxuIn+i1pIRAtPXAJ4zNTXzp/6538KbHeh5KEQirN9k1QCgtgv8
OclJp0JgKCu/pG6FkHXVaBQ=
=xAZ8
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID mappingweirdness :(

2003-10-23 Thread Andrew Smith-MAGAZINES 
I also need to get centralised mapping configured if I am to deploy Samba, although 
we're planning to deploy an LDAP server also so this isn't an additional overhead for 
me.

Two comments, to avoid the additional overhead of implementing a seperate LDAP 
infrastructure could future versions of Samba support storing the idmap mapping date 
in Active Directory?
When using idmap = ldap in the current release of Samba 3 there doesn't appear to be 
any option for specifying a bind account, does this mean I have to allow anonymous 
write access to my LDAP server(s)?

thanks Andy Smith.

PS can you specify multiple idmap backend = ldap:.. servers? or is this a single point 
of failure?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
John H Terpstra
Posted At: 22 October 2003 23:43
Posted To: Samba
Conversation: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID
mappingweirdness :( 
Subject: Re: [Samba] Samba 3.0.0 -- ACLs are unusable due to UID/SID
mappingweirdness :( 


On Wed, 22 Oct 2003, Eric Horst wrote:


   By consistent and simple I mean,  something like -- you have a
   Windows user that needs to get to a Samba share? Create a UNIX account
   with the *same name* and you will get an smbd process with the UID and
   hence the permissions of that user accessing the files on the server
   (ok not always). The authentication will be done on the NT side though.
 
  Nope. You should use winbind for that. Any other way will cause you
  problems when you try to use ACLs.


 I think I understand at least a part of Anton's issue.  It's one that I've
 been thinking about as we deploy Samba 3.0.  We never really thought much
 about ACLs until now and have never run winbindd.  The problem boils down
 to this:  We currently have a group of seven Samba/NFS file servers which
 are members of a Windows domain.  The Windows usernames and group names
 are synchronized.  The numeric UIDs and GIDs are uniform across all of
 them by virtue of the fact that they have a common /etc/passwd.  We want
 to jump on the ACL bandwagon and do things right using winbindd.
 However, in a distributed environment the official way of mapping SIDs to
 UIDs consistently across the servers involves an 'idmap backend'.  All of
 the idmap backends involve ldap.  It is frustrating that I have to
 introduce the overhead of deploying an LDAP server and populate it with
 UID mappings even though the file servers already have an /etc/passwd
 which has enough information to map numeric Unix UIDs consistently.

 I know idmap'ing was a hot topic during development so you have probably
 already considered all of this.  At the time, watching the discussion I
 didn't follow it all but now starting to consider deployment the issues
 are becoming clearer.

Equally, the real issues, where the rubber meets the road, are becoming
clearer also. We anticipated these concerns correctly. I am glad we have
only a simple problem today. It could have been much more challenging.

We are now at a point where if the current limitations are too restrictive
we must know that very soon. I do not know if this can be changed for
3.0.1 (Jeremy will have to weigh in on that), but if the case is strong
enough it may be addressed for 3.0.2 (even that depends on what sort of
ground-swell there is for a change).

So here is my take: If this is a big show stopper issue please file a bug
report on https://bugzilla.samba.org. Please, if this is NOT a
show-stopper, then let's not pressure the developers too hashly - we pay
them peanuts and expect them to work night and day already! :)

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which 
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy 
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors 
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] $B!!!z9b5i%7%k%/%Q%s%F%#%W(B$B%l%<%s%H!z(B

2003-10-23 Thread $BBg?M$N$*$b$A$cDLHN%Q%o!<%"%C%W(B 
$B!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j(B
(B$BBg?M$N%8%g!<%/%0%C%:DLHN(B POWER-UP
$B!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j(B
(B
$B!y!z!y(B
$BCjA*$G(B200$BL>MM$K9b5i%7%k%/%Q%s%F%#$,Ev$?$k%*!<%W%s5-G0(B
$B%W%l%<%s%H(B $B!|(B
$B%*%J%[!<%k#H!\$A$s$A$s%(%W%m%s%;%C%H!J%+%i!<$O$*G$$;2<$5$$!K(B
(B
$B!!DjHV$N%&%l%?%s!_%7%j%3%s$NFs=E9=B$%*%J%[!<%k$H(B
$B!!M>J,$J%<%j!http://www.power-up.org/frame.htm
(B
$B!|(B $BFC2A>(B $B!|(B
$B:G?7=wM%%"[EMAIL PROTECTED](B
(B
$B!!Dj2A#1K\!o#1#5!$#3#0#0$N:G?7%S%G%*$,6C$-$NBgFC2A!*!*(B
$B!!DL>o2A3J$h$j$5$i$K#5#0!s#O#F#F!*(B
(B
$B$4CmJ8$O$3$A$i$+$i!!(Bhttp://www.power-up.org/frame.htm
(B
$B$3$N%a!<[EMAIL PROTECTED]"%"%I%l%9$N:o=|$O(B
$B=PMh$^$;$s!#(B
(B
$BG[?.ITMW$NJ}$O!"$*eIt$G$9(B
(Bhttp://www.power-up.org/frame.htm
(B--
(B$BAw?.

Re: [Samba] samba 2.2.6 to samba3.0

2003-10-23 Thread Andrew Bartlett 
On Thu, Oct 23, 2003 at 02:01:10AM -0400, Brad Langhorst wrote:
 On Wed, 2003-10-22 at 16:12, Yahya AZZOUZ wrote:
  hello,
  
  i want to update samba 2.2.6 to 3.0.
  i have samba-ldap installed.
  i don't want to create all the machine again. What files i have to save 
  from samba 2.2.6 to have all the machines in the domaine after installed 
  samba 3.0.
 you just need to maintain the same domain SID (and name of course0
 use 
 rpcclient's lsaquery command on the old installation to determine this 
 
 then use net setlocalsid with that value on the new installation.
 
 Be aware that the ldap schema has changed so you'll have to migrate your
 data (or i'm told there are some compatibility ldap options - google if
 you want that)

If you use the same configure options (--with-ldapsam) then these are 
enabled by default.  Otherwise, it's the ldapsam_compat passdb backend.
 
 it's pretty painless really - there are scripts to do the ldap upgrade.
 
 best wishes!
 
 brad
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] $B!!!z9b5i%7%k%/%Q%s%F%#%W(B$B%l%<%s%H!z(B

2003-10-23 Thread $BBg?M$N$*$b$A$cDLHN%Q%o!<%"%C%W(B 
$B!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j(B
(B$BBg?M$N%8%g!<%/%0%C%:DLHN(B POWER-UP
$B!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j!i!j(B
(B
$B!y!z!y(B
$BCjA*$G(B200$BL>MM$K9b5i%7%k%/%Q%s%F%#$,Ev$?$k%*!<%W%s5-G0(B
$B%W%l%<%s%H(B $B!|(B
$B%*%J%[!<%k#H!\$A$s$A$s%(%W%m%s%;%C%H!J%+%i!<$O$*G$$;2<$5$$!K(B
(B
$B!!DjHV$N%&%l%?%s!_%7%j%3%s$NFs=E9=B$%*%J%[!<%k$H(B
$B!!M>J,$J%<%j!http://www.power-up.org/frame.htm
(B
$B!|(B $BFC2A>(B $B!|(B
$B:G?7=wM%%"[EMAIL PROTECTED](B
(B
$B!!Dj2A#1K\!o#1#5!$#3#0#0$N:G?7%S%G%*$,6C$-$NBgFC2A!*!*(B
$B!!DL>o2A3J$h$j$5$i$K#5#0!s#O#F#F!*(B
(B
$B$4CmJ8$O$3$A$i$+$i!!(Bhttp://www.power-up.org/frame.htm
(B
$B$3$N%a!<[EMAIL PROTECTED]"%"%I%l%9$N:o=|$O(B
$B=PMh$^$;$s!#(B
(B
$BG[?.ITMW$NJ}$O!"$*eIt$G$9(B
(Bhttp://www.power-up.org/frame.htm
(B--
(B$BAw?.

Re: [Samba] samba 2.2.6 to samba3.0

2003-10-23 Thread Adam Tauno Williams 
   i want to update samba 2.2.6 to 3.0.
   i have samba-ldap installed.
   i don't want to create all the machine again. What files i have to save 
   from samba 2.2.6 to have all the machines in the domaine after installed
  you just need to maintain the same domain SID (and name of course0
  rpcclient's lsaquery command on the old installation to determine this 
  then use net setlocalsid with that value on the new installation.
  Be aware that the ldap schema has changed so you'll have to migrate your
  data (or i'm told there are some compatibility ldap options - google if
  you want that)
 If you use the same configure options (--with-ldapsam) then these are 
 enabled by default.  Otherwise, it's the ldapsam_compat passdb backend.

When we converted our PDC to 3.0 we first just upgraded Samba (bieng careful to
migrate the SID of course) and used ldapsam_compat,  then after a week of
successful operation we converted the Dit using the provided scripts and
switched to ldapsam.  This provides a low-risk and almost painless upgrade
route.  The ldapsam provides lots of advantages over ldapsam_compat, so it is
worth it to move.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Is it possible?

2003-10-23 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anton Solovyev wrote:
|
| I use Samba in security=domain mode and want
| NT domain SIDs mapped into UNIX UIDs
| with matching user names. Winbindd does not
| help, since it wants to assign random UIDs on its own.
|
| Am I going to get this functionality after I
| switch into AD mode?
no.  It will work without winbindd using
security = domain.;
| I am surprised it is such a gray area. You
| would think that pre-existing UNIX accounts
| matching Windows accounts and mixed access to
| UNIX boxes through Samba and interactive
| session is the most common configuration...
What is gray about this to you?  If you are
running winbindd, then UNIX accounts are
created automatically for the windows users.
If the winbindd lookup fails, then we lookup
an existing UNIX account by the same username.
There was one bug in 3.0.0 release regarding
this behavior and it has been fixed in cvs.
The only installations affected where those
joined to an AD domain and trying to user
local UNIX accounts for users from truested
realms.


cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ You can never go home again, Oatman, but I guess you can shop there.
~--John Cusack - Grosse Point Blank (1997)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/l9yDIR7qMdg1EfYRAtV7AJ4utLovk8JjJJssCwYKRhoHmdA+CwCgkYBz
zi9fuXxatJkmzqB6BAXcoy0=
=2pyj
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd problem

2003-10-23 Thread Taymour A. El Erian 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,

~I am doing a test install for Samba 3.0.0 with ldap sam backend,
when I try to delete a user, I get this output
# smbpasswd -x administrator
ldapsam_delete_entry: Could not delete attributes for
uid=administrator,ou=Users,dc=my-domain,dc=com, error: Object class
violation (object class 'account' requires attribute 'uid')
Failed to delete entry for user administrator.
Failed to modify password entry for user administrator
I am also unable to add any user other than administrator, if I try this

# smbpasswd -D 255  -a user

Trying to load: ldapsam:ldap://localhost/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost/
(ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=ADKILLER))]
smbldap_search_suffix: searching
for:[((objectClass=sambaDomain)(sambaDomainName=ADKILLER))]
smbldap_open_connection: ldap://localhost/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost/ as
cn=Manager,dc=my-domain,dc=com
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost/ has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[((uid=user)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [user] count=0
Finding user user
Trying _Get_Pwnam(), username as lowercase is user
Trying _Get_Pwnam(), username as uppercase is user
Checking combinations of 0 uppercase letters in USER
Get_Pwnam_internals didn't find user [user]!
Failed initialise SAM_ACCOUNT for user user.
Failed to modify password entry for user
Any ideas ?

- --
Taymour A El Erian
System Division Manager
CNA, MCSE, CCNA, LPIC
T.E. Data
E-mail: [EMAIL PROTECTED]
Web: www.tedata.net
Tel:+(202)-4166600
Ext:1101
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/l+AzX1dv4NHexooRAhZ2AKCnUDvInkdf4TYueS56srFoEYDpWwCffMpY
Nta4QFVaXi4k+LzDrvD3u0g=
=3Y6x
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Re: [Samba] Mounting for non-root users

2003-10-23 Thread Leon Stringer 
That works for me! I had a bit of trouble working out the sudoers syntax.
For the record the entry in /etc/sudoers:

leons   ALL=(ALL) NOPASSWD:/usr/sbin/smbmount //10.0.0.1/Users /home/leons/home -o 
credentials\=.credentials\,workgroup\=STAFFAMB\,uid=leons


The command:

sudo /usr/sbin/smbmount //10.0.0.1/Users ~/home -o 
credentials=.credentials,workgroup=STAFFAMB,uid=leons

Thanks for your help,

Leon...
 
 From: Heiko Wundram [EMAIL PROTECTED]
 Date: 2003/10/22 Wed AM 07:14:55 GMT
 To: Leon Stringer [EMAIL PROTECTED]
 CC: [EMAIL PROTECTED]
 Subject: Re: [Samba] Mounting for non-root users

 What about sudo? chmod 4755 is not really a secure way to allow users 
 access to commands which have to be run as root, unless you are the only 
 person working on this machine, and you are sure that no other person 
 might actually login on your machine.


-
Email provided by http://www.ntlhome.com/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba with two linux computers: wrong password in one direction,

2003-10-23 Thread Harald ARNOLD 
I am working with two computer with Linux. One is the 
master of the workgroup and the other is the slave. The
master is also password server. Both machines have
the same user with same password.

My problem is that I can mount anything with smbmount
from slave to master (//master/tmp) with correct password.

Trying the other way (mounting on master something of
slave (//slave/tmp) will no work with following message:

master: smbmount //slave/tmp /mnt username=user
[...]
pm_process() returned Yes
added interface ip=192.168.0.6 bcast=192.168.0.255 nmask=255.255.255.0
not adding duplicate interface 192.168.0.6
resolve_lmhosts: Attempting lmhosts lookup for name haribo0x20
resolve_hosts: Attempting host lookup for name haribo0x20
Connecting to 192.168.0.3 at port 139
 session request ok
Password:
 session setup ok
tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a 
Tree Connect or Session Setup are invalid.)
SMB connection failed

Please can anyone help me ! 

Thank you Harald
---

configuration files:

MASTER: SuSE V 7.1 (IP 192.168.0.6. samba 2.0.7)
===

[global]
   debug level = 4
   workgroup = ARNOLD
   guest account = nobody
   keep alive = 30
   os level = 65
   kernel oplocks = false
   security = server

   client code page = 850
   netbios name = saruman
   server string = saruman: samba-V.2.0.7
   interfaces = eth1 192.168.0.1/24
   bind interfaces only = yes
   min password length = 6
   password level = 8
   username level = 8
   null passwords = no

   default case = lower
   case sensitive = No
   preserve case = Yes
   short preserve case = Yes
   mangle case = No
   mangling char = ~

   admin users = harald admin
   hosts allow = 192.168.0.
   hosts deny =
   allow trusted domains = no
   announce as = NT Server
   dns proxy = yes
   domain logons = yes
   time server = yes

   dont descend = /proc, /dev
   follow symlinks = no
   hide dot files = yes

   username map = /etc/smbusermap
   valid users = harald erika nobody

   password server = 192.168.0.6
   encrypt passwords = yes

   printcap name = /etc/printcap
   printing = bsd
   load printers = yes
   socket options = TCP_NODELAY
   map to guest = Bad User
   local master = yes
   prefered master = yes
   wins support = yes
   domain master = yes

[tmp]
   comment = saruman: /tmp
   guest ok = no
   path = /tmp
   read only = no
   browseable = yes
   create mode = 0750
   valid users = harald erika icb

SLAVE (SuSE V 8.1, IP 192.168.0.3, samba 2.2.5-SuSE)
==

[global]
   workgroup = ARNOLD
   guest account = nobody
   keep alive = 30
   os level = 64
   kernel oplocks = false
   security = server

   client code page = 850
   netbios name = haribo
   server string = haribo: samba-V.2.2.5
   interfaces = eth0 192.168.0.3/24
   bind interfaces only = yes
   min password length = 6
   password level = 8
   username level = 8
   null passwords = no

   default case = lower
   case sensitive = No
   preserve case = Yes
   short preserve case = Yes
   mangle case = No
   mangling char = ~

   admin users = harald root
   hosts allow = 192.168.0.
   hosts deny =
   allow trusted domains = yes
   announce as = NT Server
   dns proxy = yes
   domain logons = yes
   time server = no

   dont descend = /proc, /dev
   follow symlinks = no
   hide dot files = yes

   username map = /etc/samba/smbusermap
   valid users = harald nobody root

   password server = 192.168.0.6
   encrypt passwords = yes
   update encrypted = yes

   printcap name = /etc/printcap
   printing = bsd
   load printers = yes

   socket options = TCP_NODELAY
   map to guest = Bad User
   local master = no
   prefered master = no
   wins support = yes
   domain master = no

[tmp]
   comment = haribo: /tmp
   guest ok = no
   path = /tmp
   read only = no
   browseable = yes
   create mode = 0750
   valid users = harald root

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] smbpasswd problem

2003-10-23 Thread jean-marc pouchoulon 
I am also unable to add any user other than administrator, if I try this

Get_Pwnam_internals didn't find user [user]! Failed initialise
SAM_ACCOUNT for user user. Failed to modify password
entry for user


Does your user exist en /etc/passwd or ldap with posix account
attribute?
Try pdbedit -a user to add your user.


Jean-Marc

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Large bin files when compiling

2003-10-23 Thread Jonas Jonsson 
Hi...

I have just installed Linux Slackare 9.1 with Gcc 3.2 Then I decieded to try out 
Samba 3 insted of 2 wich I have been using for a while now... 

I did this when compiling...
./configure --prefix=/usr
make

Then when I checked the source/bin dir there was about 400mb of files there... It was 
the correct bin files but they were so huge that ther has to be something wrong.. Smbd 
was about 40mb... 

Anyone got some ideas on what I can do to make the files smaler?

/Jonas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd problem

2003-10-23 Thread Jérôme Tournier 
 # smbpasswd -x administrator
 ldapsam_delete_entry: Could not delete attributes for
 uid=administrator,ou=Users,dc=my-domain,dc=com, error: Object class
 violation (object class 'account' requires attribute 'uid')

J'ai le même problème, et je ne comprens pas pourquoi.
Par contre, si tu souhaites supprimer complètement le compte (même le
compte unix), ajoute la directive suivante au smb.conf, et 'pdbedit -x
user' passe:
ldap delete dn = Yes
-- 
Jérôme


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: RE : [Samba] smbpasswd problem

2003-10-23 Thread Taymour A. El Erian 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am using pam_ldap for my system to keep users in LDAP, do I need to
first add the user in LDAP with posix account then run smbpasswd ?.
I tried adding it to ldap first (shadowaccount) then used pdbedit, this
worked
jean-marc pouchoulon wrote:

|I am also unable to add any user other than administrator, if I try this
|
|Get_Pwnam_internals didn't find user [user]! Failed initialise
|
|SAM_ACCOUNT for user user. Failed to modify password
|entry for user
|
|
|Does your user exist en /etc/passwd or ldap with posix account
|attribute?
|Try pdbedit -a user to add your user.
|
|
|Jean-Marc
|
|
|
- --
Taymour A El Erian
System Division Manager
CNA, MCSE, CCNA, LPIC
T.E. Data
E-mail: [EMAIL PROTECTED]
Web: www.tedata.net
Tel:+(202)-4166600
Ext:1101
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/l/MGX1dv4NHexooRAhucAJ9WdMuPtOqGWCYS7n1jfIhg+dw94wCfSP00
1riMcpNvgFCKZ6sEAE4achY=
=YkwO
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Unique Users

2003-10-23 Thread Tom McKellips 
I seen it once before but I cant find it. How do I limit samba to allow only 
one user login for each user.We have the user/password sharing problem and 
the same user will show up logged in at several workstations. Any user needs 
to be able to log in from any workstation but they should only be able to log 
in on only one at a time. How do I set this up?

Thanks

--
Internet Service Provided By Abyss Communications
Internet Service only $10 a month
1-866-842-2977
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2 question

2003-10-23 Thread Mark . Wilson 
hello ,

We currently have samba 2.2 running on solaris 2.6. We have noticed that 
the smb.log is not being written to so we can not check the log for 
errors. Please would you be able to advise how this can be restarted or 
are we missing a parameter that enables the logging ?

Kind regards
Mark.-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Large bin files when compiling

2003-10-23 Thread ww m-pubsyssamba 
something to do with debugging code being left in the first release of 3 apparently, 
run strip * in your bin directory,

ta Andy.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Jonas Jonsson
Posted At: 23 October 2003 16:23
Posted To: Samba
Conversation: [Samba] Large bin files when compiling
Subject: [Samba] Large bin files when compiling


Hi...

I have just installed Linux Slackare 9.1 with Gcc 3.2 Then I decieded to try out 
Samba 3 insted of 2 wich I have been using for a while now... 

I did this when compiling...
./configure --prefix=/usr
make

Then when I checked the source/bin dir there was about 400mb of files there... It was 
the correct bin files but they were so huge that ther has to be something wrong.. Smbd 
was about 40mb... 

Anyone got some ideas on what I can do to make the files smaler?

/Jonas
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which 
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy 
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors 
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL's vs Share definitions (Trying again)

2003-10-23 Thread Johan Arnet 
Hi Doug,
 
I'm having the same issue.  We have a test environment setup with
RedHat 9, Windows 2003 Enterprise Edition and one test workstations (XP
Pro).
 
We have the Kerberos / Winbind part working fine, we can log into the
Linux box with AD Creds and can browse the Windows Network and read the
shares on the samba server.  We can't set permissions as described in
the how-to or in any of the other docs I can find.
 
Can anyone help?!
 
Thanks in advance,
 
Johan


 Douglas Phillipson [EMAIL PROTECTED] 10/22/03 07:57AM 
I have the Win2000 client(s) in a Samba domain.  Domain authentication

works fine, my homes share works fine, remote profiles work fine.

Using 3.0.1Pre1 I would like to add people to someshare through the 
Security tab, and control their access through windows ACL's.

How should I setup a share as a basis for doing this?

The share below (someshare) in this email doesn't work.  Although I get

no error when adding another user to the share through the security tab

in windows, and the ACL's on the Linux side get added. The newly added

user, added via Properties-Security, does not have permission to 
write to the share.

Does the read list, write list and other similar parameters take 
precedence over an ACL set through windows?

If the share definition overrides all the ACL's, what good are ACL's?
Am 
I not using them properly?

How should I setup a share with minimal rights so an administrator can

grant users access to the share, through Windows ACL's?

Does winbind offer any advantages to me if no other DC's are involved.
I 
have one samba 3.0.1 DC with several win2000 PC's as a testbed.  I'm 
trying to really scope out what ACL's do for me.  I've read the section

on Winbind according to the Target Uses section winbind would be good

for adding Linux machines to an existing NT network.  I will have no 
existing NT machines or Domains so what does winbind offer me and do I

need to run it anyway?

On my NT4 box we grant access to printers through the Security tab on 
the printer, adding the user to the printer.  Is this possible with 
ACL's as they exist now with Samba and the ACL patch?

If so, how would you add a printer as a domain resource to do this, 
again through windows?  Or does it have to be added (if it can be
added) 
on the Linux side?  If on linux side, how do you add/create a domain 
printer.  Is the printer in the domain simply by being in the smb.conf

file?  I don't see my printer as a resource, domain or other,to choose

from in the security tab from within windows.

I did read the April 21 2003 version of the howto and these things were

not clear to me.  After I figure them out I would be happy to give you

some verbage if you would care to have it.

Thanks again Samba folks

Doug P

(Previous reference below)

I'm really struggling with ACL's and permissions.  I have a share owned

by a user (douglas).  Douglas can read, write and create to the share:

[someshare]
   comment = Public Stuff
   path = /home/samba/pub
   nt acl support = yes
   public = yes
   admin users = douglas
   write list = douglas

I'm logged in to Win2000 as douglas.  Through the security tab on 
Win2000 I add read and write permission to the top level share called 
public (but it's not really public) for terry.  I see terry in the 
list and everything seems to go OK in setting it.  Then I log off and 
login as terry.  Terry has no write access to the share.What takes

precedence?  The share definition in smb.conf or settings through the 
security tab in windows, which should be the ACL's.   Does adding a
user 
through the security tab effectively add another user to the write 
list.  If so, it isn't.  What am I doing wrong?

Here are the linux permissions:

ls -ld /home/samba/pub
drwxrwxrwt3 douglas  douglas4096 2003-10-20 22:18 
/home/samba/pub

Here are the ACL's from linux
getfacl -R --skip-base /home/samba/pub

getfacl: Removing leading '/' from absolute path names
# file: home/samba/pub
# owner: douglas
# group: douglas
user::rwx
user:terry:rwx
group::r-x
mask::rwx
other::rwx
default:user::rwx
default:user:terry:rwx Shouldn't terry have rwx access 
according to this?
default:group::---
default:mask::rwx
default:other::---


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Large bin files when compiling

2003-10-23 Thread Jonas Jonsson 
Tried the strip command and it worked great

But isn't ther a way to turn of these debugging symbols before I do the
make?
Tryed to add --disable-debug when configure... No change...

/Jonas
- Original Message - 
From: Edd Payne [EMAIL PROTECTED]
To: Jonas Jonsson [EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 5:46 PM
Subject: Re: [Samba] Large bin files when compiling


 Go to the directory where the big files are and type:
 strip smbd
 and repeat for all the big files.

 On a Linux i686 system this should get it down from 40Mb to about 1.9Mb (I
 think)

 It removes the debugging symbols - if you need them, just re-do a make
 install and it should put the old versions back.


 On Thursday 23 Oct 2003 4:22 pm, Jonas Jonsson wrote:
  Hi...
 
  I have just installed Linux Slackare 9.1 with Gcc 3.2 Then I
decieded
  to try out Samba 3 insted of 2 wich I have been using for a while now...
 
  I did this when compiling...
  ./configure --prefix=/usr
  make
 
  Then when I checked the source/bin dir there was about 400mb of files
  there... It was the correct bin files but they were so huge that ther
has
  to be something wrong.. Smbd was about 40mb...
 
  Anyone got some ideas on what I can do to make the files smaler?
 
  /Jonas

 -- 
 Edd Payne
 IT Co-ordinator
 University of London Union
 Malet Street, London WC1E 7HY

 tel: 020 7664 2060
 fax: 020 7436 4604




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba 2.27 as print server

2003-10-23 Thread Bryant, Phillip -AES 
I'm running Samba 2.27 on RH8 system. I've got samba as the print
spooler for Windows XP clients and using winbind as the user validation
against my Win2K DC. Permissions on the spool directory are root root
with the sticky bit on. Clients can delete their own jobs from the que,
but the spool directory is not being expunged of print jobs and the last
job constantly displays in the client que window. I have not been able
to figure out how to resolve this as occasionally people freak out when
they see older jobs in the print que and wonder if it is stuck. For
whatever reason, the print process is unable to remove the print job
from the spool directory after it is sent to the lpd process for
printing.



Phillip M. Bryant
ITT Industries, Advanced Engineering and Sciences
Network Administrator
Albuquerque, NM 87120
Ph 505-889-7016
Cell 505-385-8668
MCSE 2000, NT 4.0
MCP+I




This email and any files transmitted with it are proprietary and intended solely for 
the use of the individual or entity to whom they are addressed. If you have received 
this email in error please notify the sender. Please note that any views or opinions 
presented in this email are solely those of the author and do not necessarily 
represent those of ITT Industries, Inc. The recipient should check this email and any 
attachments for the presence of viruses. ITT Industries accepts no liability for any 
damage caused by any virus transmitted by this email.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Fixed: [Samba] options to use for dos clients ?

2003-10-23 Thread Aaron_Colichia 
fixed after updating to 3.0.1pre1

this was not suggested by anyone on the samba list

thanks.


-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2003 11:49 AM
To: Colichia, Aaron
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] options to use for dos clients ?


On Tue, Oct 21, 2003 at 09:25:48AM -0500, [EMAIL PROTECTED] wrote:
 DOS 6.xx clients are exhibiting strange behavior
 
 If I try to copy a file with
 
 scopy file.txt s:\newstuff
 
 I receive a general error with the classic (a)bort (f)ail (r)etry
 
 But if I copy the file with
 
 scopy file.tx? s:\newstuff
 
 This works fine.

What version of Samba ? What platform ? What are the smb.conf setting for
this share. Please help us to help you.

Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Machine accounts creation with pdbedit (SambaLDAP)

2003-10-23 Thread Fermin Molina 
Hi,

I get this error when I'm trying to create a machine acount with
pdbedit:


# pdbedit -a -m -u machine
ldapsam_modify_entry: Failed to add user dn=
uid=machine$,ou=Computers,dc=mydomain,dc=org with: Object class 
violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = machine$
(dn = uid=machine$,ou=Computers,dc=mydomain,dc=org)
Unable to add machine! (does it already exist?)



I've been searching information in all documentation available, but I
cannot find anything about how works the new LDAP schema and his
interaction with Samba.

Enabling debug in smb.conf (log level = 3 passdb:10 auth:10), I get:



# pdbedit -a -m -u machine
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_search_suffix: searching
for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
pdb backend ldapsam:ldap://localhost has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Trying to load: ldapsam:ldap://localhost
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_search_suffix: searching
for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
pdb backend ldapsam:ldap://localhost has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
pdb_set_username: setting username machine$, was
pdb_set_group_sid: setting group sid
S-1-5-21-3242272402-4231600687-3648858774-515
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-3242272402-4231600687-3648858774-515
from rid 515
smbldap_search_suffix: searching
for:[(((uid=machine$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[((uid=machine$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[((sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: machine$
ldapsam_modify_entry: Failed to add user dn=
uid=machine$,ou=Computers,dc=mydomain,dc=org with: Object class
violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = machine$
(dn = uid=machine$,ou=Computers,dc=mydomain,dc=org)
Unable to add machine! (does it already exist?)



I don't understand what is the process pdbedit (or samba) follows. And I
cannot find any clear related information about it. Even using the -U
option with a manually generated SID, I get the same error.

When I run LDAP and Samba for the first time, it appears an entry in
LDAP (but I don't put it into!):



dn: sambaDomainName=MYDOMAIN,dc=mydomain,dc=org
sambaDomainName: MYDOMAIN
sambaSID: S-1-5-21-3242272402-4231600687-3648858774
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain


What is the intended use of this entry? pdbedit gets the server base SID
from here? Then generates a new SID for the new account (user/machine)
that is about to create?

My LDAP configuration in smb.conf:

--
passdb backend = ldapsam:ldap://localhost, guest
idmap  backend = ldapsam:ldap://localhost

ldap admin dn   = cn=Manager,dc=mydomain,dc=org
ldap ssl= off
ldap suffix = dc=mydomain,dc=org
ldap user suffix= ou=People
ldap machine suffix = ou=Computers
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap idmap suffix   = ou=Idmap

idmap uid = 5-6
idmap gid = 5-6
--


Thanx,
Fermin



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.0.-2 logon script not running!

2003-10-23 Thread Peter Atkin 
Help…..

I've struggled with this for a few weeks and can't get anywhere.  I'd like for someone 
to point me in the right 
direction, if possible.

I have laid out below my complete samba setting in the hope that 
1) Someone can find a solution to my current problem 
2) It might help someone else, as I overcame a few problems with these settings 
myself, under samba 2.2.8a.. please note 
some settings are for Samba 3 only I do have the samba 2.2.8a  scripts archived for 
anyone that wants, that is fully 
working with no bugs that I know of.

I been running samba server now for almost a year with very few problems, although to 
be fair i don't use most of the 
features, I really just use it for authentication and managing the domain, all the 
user files are stored on 2 500GB NAS 
devices POP4500 series, their a little slow and bit problematic but works mostly. 

I felt the need to upgrade, as I could not get the NAS devices to join my domain 
running under Samba 2.2.8a. But that is 
another problem and story for later.

I’ve managed to get Samba 3.0.0-2 almost working, I removed all of the Samba 2.2.8a 
RPM’s 3 of them client, server and 
common.

I should state that all was working very well until I installed the new Samba 3 RPM., 
Because of the errors I suspect 
something to do with the RPC but I am really not sure..

-I can join the domain from any win9x, W2K and XP machine
-I can view and use the samba Directories as required.
-all seems to work well except to logon scripts.

I then installed the single RPMS, samba-3.0.0-2_rh8.i386.rpm and then setup my smbfs 
mount points so they would work… I 
can do everything but run my logon scripts, when I view my set variables on a W2K 
machine I get:

to test the installation smbclient -L //smb_server
Password: 

Sharename  Type  Comment
-    ---
netlogon   Disk  Network Logon Service
smbdiags   Disk  temp diag directory
Samba Logs Disk  RedHat8 Samba 3.0.0 user log directory

Server   Comment
----
ACCOUNTS 
ALLWORKANDNOPLA  
CLIENT   
CORE POPnetserver (10.0.0.3)
SERVER1  
SMB_SERVER   Samba 3.0.0 File Server
TOSHIBA-USER Tasha Laptop

WorkgroupMaster
----
CFU  SMB_SERVER
XXX  BACKUP

I belive according to the documenation this is a good indication that  Samba is fully 
working and install correctly? I 
Hope.

Now to my problem...


HOMEDRIVE=\
HOMEPATH=\core\peter
-
LOGONSERVER=\\SMB_SERVER
USERDOMAIN=CFU
USERNAME=peter
USERPROFILE=C:\Documents and Settings\peter.CFU

The thing to note here is that the HOMEDRIVE is no longer H: it now has a bit of the 
HOMEPATH stuck in it, and then the HOMEPATH has the remainder.

What is should look like is this:

HOMEDRIVE=H:
HOMEPATH=\\core\peter
-

When I check the smb.conf file all seems well, even when I do a “testparm –v” I can 
find no 
fault. 

Can anyone help, this all worked well on Samba 2.2.8a, I assume I have not done 
somthing correctly, looking through the 
news groups shine no light on the subject.


smb.conf script
---
# Computer Facilities
# currently and always under delvelopment using samba 3.0.0 on linux 8 
# /etc/samba/smb.conf
# last edit date was 12/10/2003 (D/M/Y)

[Global]

# to allow a SAMBA server to look and act like a windows PDC server
# Basic domain and machine name settings
workgroup = cfu
netbios name = SMB_Server
server string = Samba %v File Server
name resolve order = wins lmhosts bcast
smb ports = 139 445

domain logons = yes
domain master = yes
dns proxy = No
preferred master = yes
local master = yes
os level = 250
security = user
admin users  = @admins

# If you run your samba server on a machine that has a valid IP address to the 
Internet, or
# an an untrusted LAN,  you'll probably want to limit who can connect to your 
Samba shares.
# Assuming your server runs on 10.0.0.1,
# your netmask is 255.255.255.0 and you wish to deny access to a host in your 
network on
# which in this case is my internet, nas and mail server just as an example.
hosts allow = 10.0.0.0/255.255.255.0 127.0.0.1 EXCEPT 10.0.0.10
hosts deny = 0.0.0.0/0
remote announce = 10.0.0.255


# Speedup options for database use: Whether you are using Microsoft Access, 
# FoxPro, Quickbooks or CA-Clipper, with any multi-user fileserver database 
# application there are configurations. Please note to use the

[Samba] Re: Printing Problems (Updated)

2003-10-23 Thread Robert 
This also happens when I use the HP Laserjet 1000 driver.  It is a samba
issue or a driver issue?  Is there a compatability issue with samba print
servers and drivers?

Bob.



Robert [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 I have been struggling with samba and printing.  My original post is at
 http://lists.samba.org/archive/samba/msg72613.html.  I since then, I built
a
 2nd box, but this time it is a samba 3.0.0 box.  The same thing happens on
 the 3.0.0 box.

 The update is that this occurs on the lexmark printer using the Lexmark
 Z22/32 drivers.  If I use a HP driver or a different driver, the job goes
to
 the queue, but prints garbage.  This is expected though.  Is there a
reason
 why the job does not spool with the lexmark driver?  I deteted all the tdb
 file except the secrets.tdb and restarted the server.  On a few occasions,
I
 got the printer to print with the lexmark driver, but most of the time it
 failed.  I downloaded the driver from lexmark's site.

 Printing a test page gives Test page failed to print.  Would you like to
 view the print troubleshooter for assistance?  Unable to create a print
 job.  I have disabled bidirectional support on the printer but it still
 does not spool.  Copying a file directly to the printer share works.

 Am I missing something?  What can I do to get it working.  The printer
wrked
 with the driver once, but I can't seem to get it to work again.

 Please help!
 Bob.




 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How do I add a printer as a domain resource

2003-10-23 Thread Douglas Phillipson 
With NT4 I add grant users access to printers via the security tab on 
the printer.  How do I add a printer as a domain resource, with Samba, 
that I can then grant domain users access to?  (Using Samba 3.0.1Pre1)

Thanks

Doug P

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Bug #596=Bug #532

2003-10-23 Thread Gmes Gza 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,

I'm the unhappy reporter of bug596, and I would like to report that bugs 
#596 and #532 are 100% the same, I've experimented today with tdbsam, 
and found conclusions about the number of users (under a limited number 
of users Win9x can get the list of users if  there are more users than 
that don't, no mater that I've used ldapsam or tdbsam) similar to what's 
reported at bug #532.
Unfortunately I wasn't able to report bug #596 as a duplicate of bug 
#532, so please in the future please consider writing about bug #532.

Thanks,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/mAnQ/PxuIn+i1pIRAizBAJ9Dt55kkzzrPTXCJOi1eKbeciaY9QCeOv2E
HfN8oteOBcJqVBxYEyzUXsY=
=8RNC
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] WINS problem for road warriors

2003-10-23 Thread Anthony Oganesian 
Hello everybody,

I am new to the list, so please forgive me if I break any rules
in my message. I searched everywhere I could to find the answer and
this is my last resort.

I have the following problem, which is bothering me very much:

I am using Samba as a WINS server and it works fine for everybody,
except for road warriors who work with their laptops on
local LAN, but also connect with the same laptop through VPN.

Once a road warrior connects through VPN, Samba caches VPN IP
address in wins.dat file and when same laptop is connected back
to our LAN, Samba fails to update it's IP and keeps returning VPN IP.

The only way I can solve this is: stop Samba server, manually delete
VPN IP from wins.dat, start Samba server.

OS: RedHat Linux 7.3
Samba Version: 3.0.0


-- 
Best regards,
 Anthony  mailto:[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] security=domain problem: could not fetch trust account password for domain

2003-10-23 Thread Reedick, Andrew 
When configuring a SunOS 5.9 box running Samba 2.2.8a with security=domain,
as per
http://us2.samba.org/samba/docs/using_samba/ch04.html#samba2-CHP-4-SECT-7 I
get the following error could not fetch trust account password for domain
when trying to connect to a share via 'net use * \\server\share
/user:domain\username'

However, 'security=user' works correctly.  'security=domain' will fall back
onto the user's smbpasswd successfully.  I'm configuring the box to be a
domain member, not a PDC.  We do not have WINS setup on the box.


A sample error log entry is:
[2003/10/23 12:22:07, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for domain
TESTINSTALL.COM


smb.conf is:

[global]
  server string = Samba %v on %h
  log level = 2
  log file  = /usr/local/samba/var/log.%m.%U
  max log size  = 1024
  browsable = yes
  getwd cache   = yes
  workgroup = TESTINSTALL.COM
  netbios name  = MYSERVER
  encrypt passwords = yes
  os level  = 0
  domain master = no
  local master  = no
  preferred master  = no
  security  = domain
  username map  = /usr/local/samba/lib/username.map
  password server   = dc dc.testinstall.com
  oplocks   = false
  level2 oplocks= false
  kernel oplocks= false
#  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192

[vobs]
 path = /vobs
 writable = true
 case sensitive = false
 preserve case = true
 force group = vobuser
 comment = ClearCase VOB(s)
 browsable = yes
 public = yes
 create mask = 0775
 directory mask = 0775



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How do I add a printer as a samba domain resource

2003-10-23 Thread Douglas Phillipson 
With NT4 I grant users access to printers via the security tab on the 
printer.  How do I add a printer as a domain resource, with Samba, that 
I can then grant domain users access to through Windows?  (Using Samba 
3.0.1Pre1 as a DC)

Thanks

Doug P

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Large bin files when compiling

2003-10-23 Thread Robert 
I read in another post that you can edit the makefile after you run the
configure script.  Remove the -g option from the cflags.  How did you use
the strip command?

Bob.


Jonas Jonsson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Tried the strip command and it worked great

 But isn't ther a way to turn of these debugging symbols before I do the
 make?
 Tryed to add --disable-debug when configure... No change...

 /Jonas
 - Original Message -
 From: Edd Payne [EMAIL PROTECTED]
 To: Jonas Jonsson [EMAIL PROTECTED]
 Sent: Thursday, October 23, 2003 5:46 PM
 Subject: Re: [Samba] Large bin files when compiling


  Go to the directory where the big files are and type:
  strip smbd
  and repeat for all the big files.
 
  On a Linux i686 system this should get it down from 40Mb to about 1.9Mb
(I
  think)
 
  It removes the debugging symbols - if you need them, just re-do a make
  install and it should put the old versions back.
 
 
  On Thursday 23 Oct 2003 4:22 pm, Jonas Jonsson wrote:
   Hi...
  
   I have just installed Linux Slackare 9.1 with Gcc 3.2 Then I
 decieded
   to try out Samba 3 insted of 2 wich I have been using for a while
now...
  
   I did this when compiling...
   ./configure --prefix=/usr
   make
  
   Then when I checked the source/bin dir there was about 400mb of files
   there... It was the correct bin files but they were so huge that ther
 has
   to be something wrong.. Smbd was about 40mb...
  
   Anyone got some ideas on what I can do to make the files smaler?
  
   /Jonas
 
  --
  Edd Payne
  IT Co-ordinator
  University of London Union
  Malet Street, London WC1E 7HY
 
  tel: 020 7664 2060
  fax: 020 7436 4604
 
 
 

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Found a ACL howto but...

2003-10-23 Thread Douglas Phillipson 
I found a howto on ACL's but it assumes the following:

At this time, this document is not 100% complete. I have assumed you are 
joining to a Windows 2000 domain which is using Active Directory, you 
aren't trying to use Samba as a domain controller, and that you're using 
ext2 or ext3 on Linux.

How would this procedure have to be changed if I was using Samba as the DC?

http://www.bluelightning.org/linux/samba_acl_howto/

Regards

Doug P

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 2.27 as print server

2003-10-23 Thread Robert 
If you are using lprng, you can add :done_jobs=0:\ option to your
printer's /etc/printcap entry.  To delete the jobs, use the -r option for
the printer's print command.  The done_jobs option removes the printed
jobs from the printer status whereas the -r deletes the spooled jobs.

Since it looks like you got your printers working, can you look at my
problem?  I have a samba server and am trying to get printers to work with
XP and 2k clients.  9x clients work just fine.  My problem is at
http://lists.samba.org/archive/samba/msg73196.html.  I would really
appreciate if you tell me how you got your setup working.  What kind of
printers do you have?

Thanks in advance.
Bob.


Bryant, Phillip -AES [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Should I use Winbind if my DC is Samba?

2003-10-23 Thread Douglas Phillipson 
Should I use winbind if my Domain Controller is a samba machine?  Or is 
it only useful if my DC is a real MS DC?

Regards

Doug P

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.1pre1 broke my 'valid users' on one share

2003-10-23 Thread Aaron_Colichia 
Before updating to 3.0.1pre1, the following smb.conf worked.
 
Now when users try to hit the [broke] share they are denied access.
 
Winbind has no problem finding the users and groups for the domain.
 
I've verified filesystem permissions, Domain Users have full RW access.
 
I do not seeing anything coming across my smbd log files.
[global]

security = DOMAIN

workgroup = xxx

password server = AUSTIN, HOUSTON, *

encrypt passwords = yes

wins server = 172.20.0.1

netbios name = PLANO

winbind separator = + 

idmap uid = 1-2

idmap gid = 1-2

winbind use default domain = yes

winbind enum users = yes

winbind enum groups = yes

obey pam restrictions = yes

kernel oplocks = no

template homedir = /xxx/home/share/%U

template shell = /bin/bash

server string = 

mangle case = yes

dos filemode = yes

name resolve order = wins bcast lmhosts 

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
IPTOS_LOWDELAY

max log size = 4096

log file = /var/log/samba/%m

local master = yes

domain logons = no

domain master = no

preferred master = no

wins support = no

wins proxy = no

dns proxy = no 

[broke]

write cache size = 64000

browseable = yes

path = /path/to/stuff

read only = yes

public = no

guest ok = no

valid users = user1, user2, user3

force group = Domain Users

fake oplocks = yes


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.8 - authentication and nscd

2003-10-23 Thread Manjinder Gill (Fathom) 

Hi 

We have installed and configured Samba 2.2.8 on a Solaris (Sparc) 8
server recently. This server is to replace an existing member server in
a NT4 domain and will act as a file server.

We want to perform as little user maintenance on the Solaris side as
possible so that most of the user setup and maintenance for the domain
is controlled through a NT4 server using usrmgr and want to use NT file
and directory permissions on the shares on the new server through ACL's.
Therefore we have configured Samba with the minimum options i.e.
compiled (with winbindd and acl options), installed and setup basic
smb.conf file. No other changes have been made in relation to
nsswitch.conf (winbind added during install) and we have not made
specific changes to PAM config. Therefore authentication is done
directly with the domain as per the following smb.conf file:-

[global]
workgroup = DEV1
netbios name = SUNBLADE
server string = SunBlade
interfaces = 192.168.3.10
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
password server = NTPDC
log file = /usr/local/samba/var/log.%m
max log size = 50
local master = No
domain master = No
dns proxy = No
winbind uid = 1-2
winbind gid = 1-2
winbind use default domain = Yes

[Apps]
comment = Applications Share
path = /data/apps
read only = No
create mask = 0775
directory mask = 0775
force unknown acl user = 0775
inherit permissions = Yes
inherit acls = Yes
guest ok = Yes
profile acls = Yes
mangled names = No

The documentation goes on about the smbpasswd file when using encrypted
passwords. Currently we are not storing any of the users and groups
within /etc/passwd or /etc/groups and are not mapping any NT to UNIX
usernames - the configuration seems to be working although sometimes we
get authentication issues.

Is it viable to run with this configuration? The documentation seems to
imply that smbpasswd entries are required when encryption is on and
using winbind??

Also, we occasionally get core dumps which fills the Solaris server. We
have discovered this to be the nscd process. The Samba 3.0 documentation
states that nscd should not be used when winbindd is running and this is
the likely cause of the authentication issues, but Samba does not
function when the process is not running? We have killed this process
whilst Samba is running and also stopped it from starting when machine
boots, but this prevents Samba from authenticating any users. Any ideas
why this is happening? Could it be due to our configuration?

We have integrated Samba into Veritas Cluster server and is operating in
a fail over environment with another machine.

Thanks in advance.

M. Gill


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.8 - authentication and nscd

2003-10-23 Thread Manjinder Gill (Virgin.net) 
Hi 

We have installed and configured Samba 2.2.8 on a Solaris (Sparc) 8
server recently. This server is to replace an existing member server in
a NT4 domain and will act as a file server.

We want to perform as little user maintenance on the Solaris side as
possible so that most of the user setup and maintenance for the domain
is controlled through a NT4 server using usrmgr and want to use NT file
and directory permissions on the shares on the new server through ACL's.
Therefore we have configured Samba with the minimum options i.e.
compiled (with winbindd and acl options), installed and setup basic
smb.conf file. No other changes have been made in relation to
nsswitch.conf (winbind added during install) and we have not made
specific changes to PAM config. Therefore authentication is done
directly with the domain as per the following smb.conf file:-

[global]
workgroup = DEV1
netbios name = SUNBLADE
server string = SunBlade
interfaces = 192.168.3.10
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
password server = NTPDC
log file = /usr/local/samba/var/log.%m
max log size = 50
local master = No
domain master = No
dns proxy = No
winbind uid = 1-2
winbind gid = 1-2
winbind use default domain = Yes

[Apps]
comment = Applications Share
path = /data/apps
read only = No
create mask = 0775
directory mask = 0775
force unknown acl user = 0775
inherit permissions = Yes
inherit acls = Yes
guest ok = Yes
profile acls = Yes
mangled names = No

The documentation goes on about the smbpasswd file when using encrypted
passwords. Currently we are not storing any of the users and groups
within /etc/passwd or /etc/groups and are not mapping any NT to UNIX
usernames - the configuration seems to be working although sometimes we
get authentication issues.

Is it viable to run with this configuration? The documentation seems to
imply that smbpasswd entries are required when encryption is on and
using winbind??

Also, we occasionally get core dumps which fills the Solaris server. We
have discovered this to be the nscd process. The Samba 3.0 documentation
states that nscd should not be used when winbindd is running and this is
the likely cause of the authentication issues, but Samba does not
function when the process is not running? We have killed this process
whilst Samba is running and also stopped it from starting when machine
boots, but this prevents Samba from authenticating any users. Any ideas
why this is happening? Could it be due to our configuration?

We have integrated Samba into Veritas Cluster server and is operating in
a fail over environment with another machine.

Thanks in advance.

M. Gill

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba3 LDAP Can't join domain with Win2k Pro

2003-10-23 Thread Nicko 
Bonjour,

 use pdbedit -a username to add samba attribute to the user ( the user
 must exist in the backend - ldap for me ).

smbldap-useradd.pl is not supposed to do that for me ?

 Have a look at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

I read it a lot of time, but it's a bit confused... This how-to don't start
from nothing (like i do) and i'd never used Samba before so ...

 In the [SAMBA_3_0] and [HEAD] only a few basic entries are required:
[snip]
 The root/administrator (uidNumber=0) SHOULD be present in the NT's
 Admins group (rid=512).
 

I removed all normal / test users from LDAP and /etc/passwd
I created Administrator Account with :
smbldap-useradd.pl -a Administrator
I change password for Administrator (different from root password) with:
smbldap-passwd.pl Administrator
I changed uid for Administrator with :
smbldap-usermod.pl Administrator -u 0
I put Administrator in Domain Admins Group (Domains Admin has gid = 512) :
smbldap-groupmod.pl -m Administrator Domain Admins
I can open a session with Administrator account on my linux box.

I tried to join Samba Domain with a Windows 2000 Server :
with Administrator : unknown user or bad password
with root : unknown user or bad password

I created Administrator account in /etc/passwd with WebMin (Users  Groups
Module).

I tried again to join Domain :
with Administrator : unknown user or bad password

I created root account in LDAP with smbldap-useradd.pl and put it in Domain
Admins Group
I tried again to join Domain :
with Administrator : unknown user or bad password
with root : unknown user or bad password

Btw i'll try with pdbedit later (but at this time pdbedit -L show me
Administrator and root so...)

Any log that i could check ?
Any info ?
Nobody here installed  Samba 3 + LDAP on a fresh Linux Box ?



Thanks

Nicko

My LDAP Schema :


[EMAIL PROTECTED] sbin]# ldapsearch -x -b 'dc=ERIOS,dc=FR' '(objectclass=*)'
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# ERIOS, FR
dn: dc=ERIOS,dc=FR
objectClass: dcObject
objectClass: organization
dc: ERIOS
o: ERIOS

# Users, ERIOS, FR
dn: ou=Users,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Users

# Groups, ERIOS, FR
dn: ou=Groups,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Groups

# Computers, ERIOS, FR
dn: ou=Computers,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Computers

# Domain Admins, Groups, ERIOS, FR
dn: cn=Domain Admins,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
memberUid: root
description: Netbios Domain Administrators (need smb.conf configuration)

# Domain Users, Groups, ERIOS, FR
dn: cn=Domain Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users (not implemented yet)
memberUid: Administrator
memberUid: root

# Domain Guests, Groups, ERIOS, FR
dn: cn=Domain Guests,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users (not implemented yet)

# Administrators, Groups, ERIOS, FR
dn: cn=Administrators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
 ainName (not implemented yet)
memberUid: Administrator

# Users, Groups, ERIOS, FR
dn: cn=Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users (not implemented yet)

# Guests, Groups, ERIOS, FR
dn: cn=Guests,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 546
cn: Guests
memberUid: nobody
description: Netbios Domain Users granted guest access to the
computer/sambaDo
 mainName (not implemented yet)

# Power Users, Groups, ERIOS, FR
dn: cn=Power Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers (not
im
 plemented yet)

# Account Operators, Groups, ERIOS, FR
dn: cn=Account Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts (not
implemente
 d yet)

# Server Operators, Groups, ERIOS, FR
dn: cn=Server Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators (need smb.conf configuration)

# Print Operators, Groups, ERIOS, FR
dn: cn=Print Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators (need smb.conf configuration)

# Backup Operators, Groups, ERIOS, FR
dn: cn=Backup Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up
files
 (not implemented yet)

# Replicator, Groups, ERIOS, FR
dn:

[Samba] help!: session setup failed: ERRDOS

2003-10-23 Thread Joshua o 
I have read the docs and I have googled, and I have been unable to fix
this problem.  I have samba 3.0 installed on RH8 and when I have
settings like:

[global]
   netbios name = DYER-PC-JO
   workgroup = DYERLAB
   server string = SMB Server Test
   security = share

[public]
   path = /tmp
   guest ok = yes
   writeable = yes

I can mount my share wonderfully in with both RH9 and OSX as clients. 
But this isn't very secure, so when I change this to:

[global]
   netbios name = DYER-PC-JO
   workgroup = DYERLAB
   server string = SMB Server Test
   security = user
   encrypt passwords = yes
   smb passwd file = /usr/local/samba/private/smbpasswd

[public]
path = /tmp
valid users = jorvis
writeable = yes

I can't connect in OSX or RH9.  I use this command in RH9:

[EMAIL PROTECTED] samba]# smbmount //myiphere/public /mnt/public -o
username=secret,password=supersecret

but I get this error:

session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

I have setup the smbpasswd file, ran smbpassword -a jorvis and set the
password.  I have an UNIX account on both the host and client and both
have the same password.

This connection method works fine when I have security = share and guest
= ok, but I want to use user-level security.  

Can anyone tell me what step I am missing?

Thanks!

Joshua Orvis
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC

2003-10-23 Thread Sebastian Davancens 
Hi all. how can i do to run a sript in a Samba PDC
server (Redhat 9.0, Samba 3.0) each time that someboy
connects to a share on the server from a client? The
script is a shell script. IT IS NOT THE LOGON SCRIPT.
I tried with some parameters like exec, preexec and
root preexec, but i got nothing. this is the script:

for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
   touch /home/$1/._$i
done

please, somebody hel me with this..
thanks in advance
Sebastian



Internet GRATIS es Yahoo! Conexión
4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
Más ciudades: http://conexion.yahoo.com.ar
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC

2003-10-23 Thread Adam Williams 
Your subject line isn't very appropriate to the question.

 Hi all. how can i do to run a sript in a Samba PDC
 server (Redhat 9.0, Samba 3.0) each time that someboy
 connects to a share on the server from a client? The
 script is a shell script. IT IS NOT THE LOGON SCRIPT.
 I tried with some parameters like exec, preexec and
 root preexec, but i got nothing. this is the script:

You were correct, it is preexec

   preexec (S)
  This option specifies a command to be run  whenever
  the  service  is  connected  to. It takes the usual
  substitutions.
 
  An interesting example is to send the users a  wel
  come  message  every time they log in. Maybe a mes
  sage of the day?

 for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
touch /home/$1/._$i
 done

Something else must be wrong as it does work.  Check your file
permissions, path, etc...  Remember a script executed there may not have
the same environment as you executing it as you.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC

2003-10-23 Thread rruegner 
hi, i use
this to generate logon files
everytime a user connects to share netlogon
i think
rootpreexec   = /var/lib/samba/netlogon/login.pl %U %G %m %L
or simular is what you need
regards

## Section - [netlogon]
[netlogon]
sharemodes= No
rootpreexec   = /var/lib/samba/netlogon/login.pl %U %G
%m %L
comment   = Netlogon Share
browseable= No
path  = /var/lib/samba/netlogon
guestok   = Yes
writelist = @ntadmin
locking   = no
public= no
cscpolicy = disable


- Original Message - 
From: Sebastian Davancens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 10:33 PM
Subject: **SPAM** [Samba] Samba PDC


 Hi all. how can i do to run a sript in a Samba PDC
 server (Redhat 9.0, Samba 3.0) each time that someboy
 connects to a share on the server from a client? The
 script is a shell script. IT IS NOT THE LOGON SCRIPT.
 I tried with some parameters like exec, preexec and
 root preexec, but i got nothing. this is the script:

 for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
touch /home/$1/._$i
 done

 please, somebody hel me with this..
 thanks in advance
 Sebastian


 
 Internet GRATIS es Yahoo! Conexión
 4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
 Más ciudades: http://conexion.yahoo.com.ar
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC

2003-10-23 Thread Gémes Géza 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sebastian Davancens írta:
| Hi all. how can i do to run a sript in a Samba PDC
| server (Redhat 9.0, Samba 3.0) each time that someboy
| connects to a share on the server from a client? The
| script is a shell script. IT IS NOT THE LOGON SCRIPT.
| I tried with some parameters like exec, preexec and
| root preexec, but i got nothing. this is the script:
|
| for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
|touch /home/$1/._$i
| done
|
| please, somebody hel me with this..
| thanks in advance
| Sebastian
|
|
| 
| Internet GRATIS es Yahoo! Conexión
| 4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
| Más ciudades: http://conexion.yahoo.com.ar
Specify in the share
preexec script = scriptname %U if you want to run the script as the
connecting user
or
root preexec script = scriptname %U if you want to run the script as
root (Think twice if you realy need this)
or replace preexec with postexec, if you want to run it after the user
disconects, in my opinion much less reliable.
Good Luck,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/mD6N/PxuIn+i1pIRAhdSAKCJt15HqrzFO/UFdyz/PwlUPadsvgCfRcIY
5fGy55uoWJup/6tBOyVucfo=
=ky9P
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: RE : [Samba] Samba3+ldapsam+Win9x userlist, Bug596?! sniffing info

2003-10-23 Thread Jeremy Allison 
On Thu, Oct 23, 2003 at 11:37:29AM +0200, jean-marc pouchoulon wrote:
 Thereby sorry for being impolite :-(, but at present I'm running samba
 3.0.1pre1 with ldapsam in the production servers, and Win9x clients
 couldn't get list of users and groups from Samba DCs (Bug596). I have 3
 choices:
 - -- Switch back to 2.2.7 (not very nice:-(, I would need group support
 for policy)
 - -- Switch to tdbsam with fam/rsync/ssh-ing password and group
 mappings (very ugly and error prone :-()
 - -- Wait, in hope of a solution/workaround
 Please give me an advice, which one could harm less.
 
 Thanks for not shooting me for bore you with my problems.
 
   Same questions for me ( luckily the xp client works in my basic
 conf but I have needs from my win98's users).
   
   I can see with ethereal that after the groups name will be
 return by the server.
   After there is a 'SMB Transaction Response, Error: General
 failure'  

I just fixed this in CVS. Here is the patch.

===
RCS file: /cvsroot/samba/source/smbd/ipc.c,v
retrieving revision 1.180.2.12
retrieving revision 1.180.2.13
diff -u -r1.180.2.12 -r1.180.2.13
--- samba/source/smbd/ipc.c 2003/10/17 21:19:15 1.180.2.12
+++ samba/source/smbd/ipc.c 2003/10/21 23:14:41 1.180.2.13
@@ -96,7 +96,7 @@
align = ((this_lparam)%4);

if (buffer_too_large) {
-   ERROR_NT(STATUS_BUFFER_OVERFLOW);
+   ERROR_BOTH(STATUS_BUFFER_OVERFLOW,ERRDOS,ERRmoredata);
}
 
set_message(outbuf,10,1+align+this_ldata+this_lparam,True);
@@ -281,6 +281,14 @@
subcommand = ((int)setup[0])  0x;

if(!(p = get_rpc_pipe(pnum))) {
+   if (subcommand == TRANSACT_WAITNAMEDPIPEHANDLESTATE) {
+   /* Win9x does this call with a unicode pipe name, not a pnum. 
*/
+   /* Just return success for now... */
+   DEBUG(3,(Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe 
name\n));
+   send_trans_reply(outbuf, NULL, 0, NULL, 0, False);
+   return -1;
+   }
+
DEBUG(1,(api_fd_reply: INVALID PIPE HANDLE: %x\n, pnum));
return api_no_reply(outbuf, mdrcnt);
}

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Deny deleting and Copy files

2003-10-23 Thread Roberto Samarone Araújo (RSA) 
Hi,

I'm sharing some files using Samba and I need to prevent the users
from delete and copy the files on a directory.  The files on the shared
directory is used by an application that read and write on this files.
Does anyone could help me please ?

Thanks,

Roberto Samarone Araujo


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] NTLMv2 in Samba 3.0

2003-10-23 Thread Chu, Dan [IT] 
Hello,
Has anyone successfully configured Samba 3.0 to authenticate using NTLMv2
only? I have below entry in smb.conf:
password server = domain controller

to use domain controller for user authentication and DC is configured with
Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2). So
far I got: System error 1326 has occurred.
Logon failure: unknown user name or bad password. errors. 

I am not sure what option(s) to use in the smb.conf file to make it work. My
understanding is that Samba 3.0 defaults to NTLMv2 if password server is
configured to accept NTLMv2. 

Thanks a lot in advance.
Dan 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Bug #596=Bug #532

2003-10-23 Thread Jeremy Allison 
On Thu, Oct 23, 2003 at 07:03:13PM +0200, Gémes Géza wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi all,
 
 I'm the unhappy reporter of bug596, and I would like to report that bugs 
 #596 and #532 are 100% the same, I've experimented today with tdbsam, 
 and found conclusions about the number of users (under a limited number 
 of users Win9x can get the list of users if  there are more users than 
 that don't, no mater that I've used ldapsam or tdbsam) similar to what's 
 reported at bug #532.
 Unfortunately I wasn't able to report bug #596 as a duplicate of bug 
 #532, so please in the future please consider writing about bug #532.

If have fixed this bug in CVS. Please either update using the CVS code or
apply the patch I posted to this list.

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] advanced printing features setting not saved

2003-10-23 Thread Alexander Geraldy 
Hello,

we run SuSE8.2 with Samba 2.2.7a-78 (SuSE's own version?!) and Windows 
XP clients. After an update to 3.0.0, everything works well (user access 
on file services and printing), but we can't save the advanced printing 
features(?) (german: Erweiterte Druckfunktionen aktivieren) flag 
(WinXP - Settings - any printer - Advanced) anymore.
This holds for all our (HP-)printers while the duplex option is stored 
on the samba server. This one flag is always reset to disabled without 
any warning or error message.

A clean install of samba 3.0.0 did not change anything about this 
problem. Since no user can print duplex or n-to-1 with samba 3.0.0, I 
had to install the old samba version again.

Is there any known solution for this problem?
In which files are the printer settings stored on the samba server? I 
didn't find anything about that topic.

thanks for your help!
- Alexander
--
--
Alexander Geraldy  [EMAIL PROTECTED]
AG Rechnernetze, Fachbereich Informatik
Universität Kaiserslautern
Tel.: +49(631) 205-2591,  Fax: -3956
PGP : http://rn.informatik.uni-kl.de/~geraldy/pgp.asc
Fingerprint:
  D7D0 6505 B731 2D4F 0481 FD86 EF5D B98A D05B 5F7E
--
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0 Error Copying File or Folder

2003-10-23 Thread Kenneth Slenker 
We have just upgraded Samba 2.2.4-2 to 3.0.0-2 and have found a very
annoying problem.

When using Windoze Explorer to copy a file to a smb share, the first
copy will be fine but if you try to copy this same file over its self,
an error pops up. Error copying file or folder. Cannot copy file:
Cannot find the specified file. Make sure you specify the correct path
and filename.

 

Now, if you wait 10 seconds after this message and try again, the
message box would you like to overwrite this file pops up.

 

The Windoze machines are Win 2k sp2 -4 and samba is on RH7.3.

As a test, we set up a second RH7.3 in the same config to see where the
problem may be. It appears that all is fine under Samba 2.2.4 but as
soon as the rpm -U is done; well BAM and that is all she wrote.

 

A goggle search came up with 4 results 3 of which point to this:

http://www.faqchest.com/linux/samba-l/smb-02/smb-0206/smb-020629/smb0206
2507_10238.html

 

I would appreciate any insight in to this if possible. 

 

Thank you.

 

Kenneth Slenker

Network  Systems Administrator/ Webmaster

PneuDraulics, Inc.

8575 Helms

Rancho Cucamonga, CA 91730

909.980.5366 x259

FAX: 909.945.2821

[EMAIL PROTECTED]

http://www.pneudraulics.com

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0 Error Copying File or Folder

2003-10-23 Thread Jeremy Allison 
On Thu, Oct 23, 2003 at 02:14:21PM -0700, Kenneth Slenker wrote:
 We have just upgraded Samba 2.2.4-2 to 3.0.0-2 and have found a very
 annoying problem.
 
 When using Windoze Explorer to copy a file to a smb share, the first
 copy will be fine but if you try to copy this same file over its self,
 an error pops up. Error copying file or folder. Cannot copy file:
 Cannot find the specified file. Make sure you specify the correct path
 and filename.

Fixed in the 3.0.1pre release Jerry did recently.

Also fixed in CVS. Sorry,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] A working solution to the XP domain reboot problem

2003-10-23 Thread Aaron K. Johnson 

Hey,

I worked for days on this, and I want to share the solution I stubled across.

I got this error message from my wife XP laptop:

Windows cannot connect to the domain, either
because the domain controller is down or otherwise unavailable, or because
your computer account was not found.  Please try again later.  If this
message continues to appear, contact your system administrator for
assistance.

to stop this and be free and happy, do this:

follow everything in http://hr.uoregon.edu/davidrl/samba.html#SAMBA-PDC

then, use this smb.conf, tailored to your system, and follow my instructions 
below it, and hopefully it will work.

# $Header: /home/cvsroot/gentoo-x86/net-fs/samba/files/smb.conf.example,v 1.3 
2002/08/27 20:39:48 woodchip Exp $
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors. 
#
#=== Global Settings =
[global]
domain logons = yes
domain admin group = root @wheel
domain guest group = nobody @guest
guest account = smbguest
log level = 3
log file = /var/log/samba.log
logon home = \\MYBOX\home
netbios name = MYBOX
os level = 99
preferred master = yes
remote announce = 192.168.1.255/mydomain
remote browse sync = 192.168.1.255
hosts allow = 192.168.1.
security = user
server string = goddamit
workgroup = mydomain
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
encrypt passwords = yes

[homes]
read only = no
create mode = 0600
directory mode = 0700

[public]
path = /tmp
guest ok = yes
writable = yes

[home]
path = /home/yourdir
guest ok = yes
writeable = no

##

On the Samba server, add this to /etc/passwd:

smbguest:x:1202:100:workstation:/dev/null:/bin/false

and this to /etc/shadow:

smbguest:*:9797:0:

then do:

smbpasswd -a smbguest
smbpasswd -a root

kill and restart 'smbd' and 'nmbd'.

From the XP box, log into the domain from System/Computer Name/change

you should get on it fine as 'root' + password.

Reboot XP, and log into the domain (use 'options' tab) as 'smbguest' + 
passwd_for_smbguest_you_chose

Voila, non?

I also undid the XP firewall in the TCP/IP section, I don't know if this 
helped me or not, but it might be crucial if the above doesn't work. Good 
luck.

-Aaron Krister Johnson




-- 
OCEAN, n.  A body of water occupying about two-thirds of a world made
for man -- who has no gills. -Ambrose Bierce 'The Devils Dictionary'

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Specify domain SID

2003-10-23 Thread Gémes Géza 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] írta:
| I'm upgrading from samba-tng+ldap as a pdc to samba3+ldap.  I havn't been
| able to find a way to specify the domain SID for samba3.  Any pointers to
| where this is covered in the docs would be greatly appreciated.
|
It is handled by net setlocalsid .
You can read mor about this in the Samba Howto collection in chapter 5
entitled Domain Control.
Regards,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/mFoX/PxuIn+i1pIRAqknAJoCOoMZK6mRlZn4d/S82GQbjKzecQCeMZk/
UKdwwR94/YMtA19h6l+b6LM=
=i9L+
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC

2003-10-23 Thread Gémes Géza 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Douglas Phillipson írta:
|
|
| Gémes Géza wrote:
|
| -BEGIN PGP SIGNED MESSAGE-
| Hash: SHA1
|
| Sebastian Davancens írta:
| | Hi all. how can i do to run a sript in a Samba PDC
| | server (Redhat 9.0, Samba 3.0) each time that someboy
| | connects to a share on the server from a client? The
| | script is a shell script. IT IS NOT THE LOGON SCRIPT.
| | I tried with some parameters like exec, preexec and
| | root preexec, but i got nothing. this is the script:
| |
| | for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
| |touch /home/$1/._$i
| | done
| |
| | please, somebody hel me with this..
| | thanks in advance
| | Sebastian
| |
| |
| | 
| | Internet GRATIS es Yahoo! Conexión
| | 4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
| | Más ciudades: http://conexion.yahoo.com.ar
| Specify in the share
| preexec script = scriptname %U if you want to run the script as the
| connecting user
| or
| root preexec script = scriptname %U if you want to run the script as
| root (Think twice if you realy need this)
| or replace preexec with postexec, if you want to run it after the user
| disconects, in my opinion much less reliable.
|
|
|
| I've found that there is a timeout time after which a share
| disconnects and thus runs the postexec script.  The user didn't log off,
| the inactivity on the share caused it to disconnect.  If the user uses
| the share it reconnects but the postexec script runs everytime the share
| times out so it's kind of worthless to me.
|
| Doug P
|
|
This is a real problem, with both preexec, and postexec scripts, the
only workaround I can see is to make your script check if the time of
the touched files is newer than a specified amount, in which case do not
touch them again. Ugly I know, but for now I don't have better ideas.
Regards,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/mFy3/PxuIn+i1pIRAvc/AJ9azC02WD3mQsImXKwQBE5F4VQYmQCfeLsS
JbWoGhxah3Lx2nn7k2mq+Cw=
=WwXz
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Win NT 4.0 clients give error C0000078 when login to Samba PDC

2003-10-23 Thread Thomas Hannan 
Hi all,

I've tried searching all over the net for any information about this
error but can't seem to find any. 

I've compiled Samba 2.2.8a on a RH Linux 7.3 box (kernel 2.4.18-3) with
lsapsam support against openldap 2.0.23-4. I'm also using pam_ldap such
that all authentication (unix + samba/windows) is done through LDAP,
which is working quite nicely. 

However, none of my NT 4.0 systems can log on to the PDC -- my 2K Pro
and XP Pro systems can (assuming the SignOrSeal registry hack is done),
but the NT systems will join the domain, but as soon as I enter the root
password  (or log in under any other account) I get a The system cannot
log you on (C078) which apparently means NT_STATUS_INVALID_SID.
Nothing shows up in the EventLog on these NT workstations. I've tried
flushing the NBT cache (with c:\ nbtstat -RR) and one system is a
fresh NT install just for testing. I've also tried joining other domains
or setting them to be workgroup only and restarting a few times before
re-joining this domain to see if they're somehow caching old SIDs.

Any ideas? I'm ready to try just about anything at this point.
I've attached my smb.conf, ldapsam/smbpasswd entries, and log.

Regards,
Tico 


[EMAIL PROTECTED] root]# /usr/local/samba/bin/testparm -x
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [public]
Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = POI
netbios name = POI-US
server string = POI-USA file server
encrypt passwords = Yes
log level = 3
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
domain admin group = root, administrator, @smbadmin
logon path =
logon home =
domain logons = Yes
os level = 34
preferred master = Yes
domain master = Yes
wins support = Yes
ldap server = 192.168.1.60
ldap port = 389
ldap suffix = ou=accounts, ou=people, dc=pharm-olam, dc=com
ldap admin dn = cn=Manager,dc=pharm-olam,dc=com
ldap ssl = no
guest account = smbguest

[homes]
read only = No
create mask = 0600
directory mask = 0700

[netlogon]
path = /var/samba/netlogon
locking = No

[public]
path = /tmp
read only = No
guest ok = Yes


Here are the relevant user entries in the LDAPSAM (if need be I can dump
the entries directly out of LDAP):

[EMAIL PROTECTED] root]# /usr/local/samba/bin/pdbedit -v -u emach-nt-01$
ldap_connect_system: Binding to ldap server as
cn=Manager,dc=pharm-olam,dc=com
username:   EMACH-NT-01$
user ID/Group:  1311/1300
user RID/GRID:  3622/3601
Full Name:  EMACH-NT-01$
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
[EMAIL PROTECTED] root]# /usr/local/samba/bin/pdbedit -v -u root
ldap_connect_system: Binding to ldap server as
cn=Manager,dc=pharm-olam,dc=com
username:   root
user ID/Group:  0/0
user RID/GRID:  1000/512
Full Name:  root
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:



Below is a tail -f /var/log/samba/emach-nt-01.log


  Transaction 2 of length 131
[2003/10/23 15:40:53, 3] smbd/process.c:switch_message(685)
  switch message SMBsesssetupX (pid 19365)
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/10/23 15:40:53, 3] smbd/reply.c:reply_sesssetup_and_X(879)
  Domain=[]  NativeOS=[Windows NT 1381] NativeLanMan=[]
[2003/10/23 15:40:53, 3] smbd/reply.c:reply_sesssetup_and_X(890)
  sesssetupX:name=[]
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:push_sec_ctx(296)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/10/23 15:40:53, 3] smbd/uid.c:push_conn_ctx(285)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 1 groups: 1100
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:pop_sec_ctx(435)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 1 groups: 1100
[2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(336)
  uid 999 registered to name smbguest
[2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(338)
  Clearing default real name
[2003/10/23 15:40:53, 3] smbd/password.c:register_vuid(340)
  User name: smbguest   Real name: smbguest
[2003/10/23 15:40:53, 3] smbd/process.c:chain_reply(991)
  Chained message
[2003/10/23 15:40:53, 3] smbd/process.c:switch_message(685)
  switch message SMBtconX (pid 19365)
[2003/10/23 15:40:53, 3] smbd/sec_ctx.c:set_sec_ctx(328)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/10/23 15:40:53, 3] smbd/password.c:authorise_login(854)

[Samba] Configure file sharing for Samba...

2003-10-23 Thread Matt Beglinger 
Hello,

I'm setting a PDC/fileserver for my company. All the files are being hosted on the 
Samba PDC server. We have a single company directory that everyone in the company has 
full access to. Inside the shared company directory is a directory (among many others) 
that I would only like certain users to be able to view. I know this is possible but 
here's the problem:

As far as I know, for everyone to share files happily I had to set the force create 
mask option to 0777. Without this option set whenever an employee would save a Word 
document and another employee were to load that document it would load as read only. 
If I manually changed the permission to 777 for that file and that same employee were 
to reopen the file, it would open just fine without read only status. That's where I 
got the idea of forcing permissions to 777.

So maybe I'm going about this all the wrong way, but to recap:

We have a company directory that we want all employees to be able to view/edit/change 
whatever. But there is a directory within this shared directory that we would only 
like a certain list of people to have access to. But I've found it necessary to force 
create mask of 777 because of the read only problem.

Anyone have a idea. I'm stumped and haven't had any success yet.

Thanks for all your help!

Matt
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Configure file sharing for Samba...

2003-10-23 Thread John H Terpstra 
On Thu, 23 Oct 2003, Matt Beglinger wrote:

 Hello,

 I'm setting a PDC/fileserver for my company. All the files are being
 hosted on the Samba PDC server. We have a single company directory that
 everyone in the company has full access to. Inside the shared company
 directory is a directory (among many others) that I would only like
 certain users to be able to view. I know this is possible but here's the
 problem:

 As far as I know, for everyone to share files happily I had to set the
 force create mask option to 0777. Without this option set whenever an
 employee would save a Word document and another employee were to load
 that document it would load as read only. If I manually changed the
 permission to 777 for that file and that same employee were to reopen
 the file, it would open just fine without read only status. That's
 where I got the idea of forcing permissions to 777.

 So maybe I'm going about this all the wrong way, but to recap:

 We have a company directory that we want all employees to be able to
 view/edit/change whatever. But there is a directory within this shared
 directory that we would only like a certain list of people to have
 access to. But I've found it necessary to force create mask of 777
 because of the read only problem.

 Anyone have a idea. I'm stumped and haven't had any success yet.

Have you tried setting the user and group ownership of hte directory to
what you want, and then setting SUID/SGID on the dierectory? This way all
files in the directory get written with the ownership of the directory.

You can then have sub-directories that have differing user and group
ownership providing the exact effect you want.

Samba is share settings are a poor substitute for what is easily done in
the OS.

If you need further info check out the Samba-HOWTO.Collection.pdf for
Samba-3. It's available from the Samba Web site. You need to check the
chapter titled File, Directory and Share Access Controls.

Cheers,
John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-23 Thread Jeremy Allison 
On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
 On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
  On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
   We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
   access with clear text authentication from clients.
   But no kind of credentials is accepted.
   
   It did a level 10 log on the Samba server and found my clear text password
   in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
   
   Is it possible that Samba can't handle the clear-text pass-through from
   POP3-Client per Exchange server and takes it for NTLMv2 challenge
  
  Can you post the debug level 10 log please (obfuscate all passwords of course :-).
 
 I picked this one up at the end of last week.   I never got it into CVS,
 because I didn't have the setup to test it.  (And I wanted to clean it
 up a bit, we should also handle the 'interactive' login in a similar
 way, and possibly 'ascii' passwords against the LM hash).
 
 Thanks to Fabien Chevalier for providing the information that made
 fixing this so easy.

I've committed a varient of this. Andrew can you please check for
correctness ?

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printing banner pages

2003-10-23 Thread Peter Blajev 
In Samba 3.0.0 (may be in earlier versions too) if I specify

printing = cups
printcap name = cups

then manually set print command is ignored.

Well, without print command how can I force the printer
to print banner page every time job is sent? 

Should I go back to printing = sysv and printcap = lpstat in order
to have my banner pages back?

Thanks
Peter
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] security=domain problem

2003-10-23 Thread tsvi 
Hi Andrew
i think 
   security = server
   password server = name_of_password_server
will get you there
tsvi

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] How do I add a printer as a samba domain resource

2003-10-23 Thread tsvi 
Hi doug
using
  printer admin = names of admins
will allow you to change access rights to printers from windows boxes(at
least win2k) if you are logged in to the windows box as one
of the printer admin.
if you use another box as a password server you can use
  security = server
  password server = name_of_password_server
to authenticate users using that box.
tsvi

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Bug

2003-10-23 Thread Predator SEF 
samba 3.0.0

his have bug : in module recycled bin
if i set mask on share directory and file, and set recycle:touch=true
files in recycled directory have acces violatation correct,
but directory (.recycled and his subdir) create with fixed mask 0700 (my mask 
for directory ignored)
and this is problem if on share work more than one user

-- 
Best RegardsPredator SEF

mail: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

CVS update: samba/source

2003-10-23 Thread sharpe 

Date:   Thu Oct 23 06:35:44 2003
Author: sharpe

Update of /data/cvs/samba/source
In directory dp.samba.org:/tmp/cvs-serv14023

Modified Files:
Makefile.in 
Log Message:

Apply the changes to libsmbclient that derrell has contributed. Fix some
of the problems with this.

From: [EMAIL PROTECTED]



Revisions:
Makefile.in 1.728 = 1.729

http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.728r2=1.729

CVS update: samba/source/libsmb

2003-10-23 Thread sharpe 

Date:   Thu Oct 23 06:35:45 2003
Author: sharpe

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv14023/libsmb

Modified Files:
libsmb_compat.c libsmbclient.c 
Log Message:

Apply the changes to libsmbclient that derrell has contributed. Fix some
of the problems with this.

From: [EMAIL PROTECTED]



Revisions:
libsmb_compat.c 1.4 = 1.5

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/libsmb_compat.c.diff?r1=1.4r2=1.5
libsmbclient.c  1.74 = 1.75

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/libsmbclient.c.diff?r1=1.74r2=1.75

CVS update: samba/source/include

2003-10-23 Thread sharpe 

Date:   Thu Oct 23 06:35:45 2003
Author: sharpe

Update of /data/cvs/samba/source/include
In directory dp.samba.org:/tmp/cvs-serv14023/include

Modified Files:
libsmbclient.h 
Log Message:

Apply the changes to libsmbclient that derrell has contributed. Fix some
of the problems with this.

From: [EMAIL PROTECTED]



Revisions:
libsmbclient.h  1.23 = 1.24

http://www.samba.org/cgi-bin/cvsweb/samba/source/include/libsmbclient.h.diff?r1=1.23r2=1.24

CVS update: samba/source/libsmb

2003-10-23 Thread vlendec 

Date:   Thu Oct 23 13:45:48 2003
Author: vlendec

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv9268

Modified Files:
  Tag: SAMBA_3_0
clisecdesc.c 
Log Message:
According to Ethereal we have a 32-Bit quantity here. And with SSVAL valgrind
reports an unitialized read which is obviously correct. And I hate valgrind
errors ;-)

Volker


Revisions:
clisecdesc.c1.13.2.4 = 1.13.2.5

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/clisecdesc.c.diff?r1=1.13.2.4r2=1.13.2.5

CVS update: samba/source/libsmb

2003-10-23 Thread vlendec 

Date:   Thu Oct 23 13:46:32 2003
Author: vlendec

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv9656

Modified Files:
clisecdesc.c 
Log Message:
Merge from 3_0:

According to Ethereal we have a 32-Bit quantity here. And with SSVAL valgrind
reports an unitialized read which is obviously correct. And I hate valgrind
errors ;-)

Volker


Revisions:
clisecdesc.c1.17 = 1.18

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/clisecdesc.c.diff?r1=1.17r2=1.18

CVS update: samba/source/lib

2003-10-23 Thread jmcd 

Date:   Thu Oct 23 13:47:17 2003
Author: jmcd

Update of /home/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv9711/lib

Modified Files:
  Tag: SAMBA_3_0
getsmbpass.c 
Log Message:
Volker's fix for bug #668.  Change the \n after the password prompt to go
to tty instead of stdout.


Revisions:
getsmbpass.c1.8.20.4 = 1.8.20.5

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/getsmbpass.c.diff?r1=1.8.20.4r2=1.8.20.5

CVS update: samba/source/lib

2003-10-23 Thread jmcd 

Date:   Thu Oct 23 13:47:21 2003
Author: jmcd

Update of /home/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv9720/lib

Modified Files:
getsmbpass.c 
Log Message:
Volker's fix for bug #668.  Change the \n after the password prompt to go
to tty instead of stdout.


Revisions:
getsmbpass.c1.12 = 1.13

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/getsmbpass.c.diff?r1=1.12r2=1.13

CVS update: samba/source/utils

2003-10-23 Thread jmcd 

Date:   Thu Oct 23 14:33:19 2003
Author: jmcd

Update of /home/cvs/samba/source/utils
In directory dp.samba.org:/tmp/cvs-serv17300/utils

Modified Files:
  Tag: SAMBA_3_0
net.c net.h net_ads.c 
Log Message:
Fix bug 451.  Stop net -P from prompting for machine account password.
Based on work by Ken Cross ([EMAIL PROTECTED]).


Revisions:
net.c   1.43.2.37 = 1.43.2.38

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.43.2.37r2=1.43.2.38
net.h   1.7.2.4 = 1.7.2.5

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.h.diff?r1=1.7.2.4r2=1.7.2.5
net_ads.c   1.37.2.31 = 1.37.2.32

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_ads.c.diff?r1=1.37.2.31r2=1.37.2.32

CVS update: samba/source/utils

2003-10-23 Thread jmcd 

Date:   Thu Oct 23 14:33:21 2003
Author: jmcd

Update of /home/cvs/samba/source/utils
In directory dp.samba.org:/tmp/cvs-serv17280/utils

Modified Files:
net.c net.h net_ads.c 
Log Message:
Fix bug 451.  Stop net -P from prompting for machine account password.
Based on work by Ken Cross ([EMAIL PROTECTED]).



Revisions:
net.c   1.88 = 1.89

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c.diff?r1=1.88r2=1.89
net.h   1.12 = 1.13

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.h.diff?r1=1.12r2=1.13
net_ads.c   1.73 = 1.74

http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_ads.c.diff?r1=1.73r2=1.74

CVS update: sambaweb

2003-10-23 Thread jht 

Date:   Thu Oct 23 15:14:18 2003
Author: jht

Update of /home/cvs/sambaweb
In directory dp.samba.org:/tmp/cvs-serv23024

Modified Files:
books.html 
Log Message:
Added direct Amazon Link to save folks the hassel of searching by post code.


Revisions:
books.html  1.49 = 1.50
http://www.samba.org/cgi-bin/cvsweb/sambaweb/books.html.diff?r1=1.49r2=1.50

CVS update: samba/source/lib

2003-10-23 Thread vlendec 

Date:   Thu Oct 23 16:49:46 2003
Author: vlendec

Update of /data/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv5389

Modified Files:
  Tag: SAMBA_3_0
afs.c util_sec.c 
Log Message:
After a phonecall with jra finally commit this.

This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.

I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.

Volker


Revisions:
afs.c   1.1.2.2 = 1.1.2.3

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/afs.c.diff?r1=1.1.2.2r2=1.1.2.3
util_sec.c  1.17.2.2 = 1.17.2.3

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sec.c.diff?r1=1.17.2.2r2=1.17.2.3

CVS update: samba/source/lib

2003-10-23 Thread vlendec 

Date:   Thu Oct 23 16:51:08 2003
Author: vlendec

Update of /data/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv5773

Modified Files:
afs.c util_sec.c 
Log Message:
Merge from 3_0:

After a phonecall with jra finally commit this.

This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.

I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.

Volker


Revisions:
afs.c   1.3 = 1.4
http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/afs.c.diff?r1=1.3r2=1.4
util_sec.c  1.19 = 1.20

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sec.c.diff?r1=1.19r2=1.20

CVS update: sambaweb/docs

2003-10-23 Thread jht 

Date:   Thu Oct 23 17:49:47 2003
Author: jht

Update of /home/cvs/sambaweb/docs
In directory dp.samba.org:/tmp/cvs-serv14464/docs

Modified Files:
index.html 
Log Message:
Adding links to The Official Samab-3 HOWTO and Reference Guide.


Revisions:
index.html  1.68 = 1.69

http://www.samba.org/cgi-bin/cvsweb/sambaweb/docs/index.html.diff?r1=1.68r2=1.69

CVS update: sambaweb/docs

2003-10-23 Thread jht 

Date:   Thu Oct 23 21:54:18 2003
Author: jht

Update of /home/cvs/sambaweb/docs
In directory dp.samba.org:/tmp/cvs-serv18840/docs

Modified Files:
index.html 
Log Message:
Change requested by Prentice Hall.


Revisions:
index.html  1.69 = 1.70

http://www.samba.org/cgi-bin/cvsweb/sambaweb/docs/index.html.diff?r1=1.69r2=1.70

CVS update: samba/source/auth

2003-10-23 Thread jra 

Date:   Fri Oct 24 01:18:56 2003
Author: jra

Update of /data/cvs/samba/source/auth
In directory dp.samba.org:/tmp/cvs-serv14603/auth

Modified Files:
  Tag: SAMBA_3_0
auth_sam.c 
Log Message:
Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.
Jeremy.


Revisions:
auth_sam.c  1.36.2.23 = 1.36.2.24

http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_sam.c.diff?r1=1.36.2.23r2=1.36.2.24

CVS update: samba/source/auth

2003-10-23 Thread jra 

Date:   Fri Oct 24 01:19:23 2003
Author: jra

Update of /data/cvs/samba/source/auth
In directory dp.samba.org:/tmp/cvs-serv14747/auth

Modified Files:
auth_sam.c 
Log Message:
Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.
Jeremy.


Revisions:
auth_sam.c  1.58 = 1.59

http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_sam.c.diff?r1=1.58r2=1.59

CVS update: samba/source/tdb

2003-10-23 Thread tpot 

Date:   Fri Oct 24 05:44:19 2003
Author: tpot

Update of /data/cvs/samba/source/tdb
In directory dp.samba.org:/tmp/cvs-serv18841

Modified Files:
  Tag: SAMBA_3_0
tdb.c 
Log Message:
Add some debugs in the error paths for tdb_brlock() to help track down
a locking problem on HPUX.


Revisions:
tdb.c   1.106.2.15 = 1.106.2.16

http://www.samba.org/cgi-bin/cvsweb/samba/source/tdb/tdb.c.diff?r1=1.106.2.15r2=1.106.2.16

CVS update: samba/source

2003-10-23 Thread sharpe 

Date:   Fri Oct 24 05:47:39 2003
Author: sharpe

Update of /data/cvs/samba/source
In directory dp.samba.org:/tmp/cvs-serv19392

Modified Files:
configure.in 
Log Message:

Check for va_copy before you check for __va_copy, since va_copy is the 
actual standard, and __va_copy was the proposed standard.



Revisions:
configure.in1.490 = 1.491

http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.490r2=1.491

CVS update: samba/source/lib

2003-10-23 Thread sharpe 

Date:   Fri Oct 24 05:47:39 2003
Author: sharpe

Update of /data/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv19392/lib

Modified Files:
snprintf.c 
Log Message:

Check for va_copy before you check for __va_copy, since va_copy is the 
actual standard, and __va_copy was the proposed standard.



Revisions:
snprintf.c  1.41 = 1.42

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/snprintf.c.diff?r1=1.41r2=1.42